hxxps://anadius[.]su/sims-4-dlc-only

Analysis

max time kernel
549s
max time network
558s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://anadius.su/sims-4-dlc-only

Score

8^/10

discovery motw phishing spyware stealer

Malware Config

Signatures

Downloads MZ/PE file 3 IoCs

flow	pid	Process
1714	1020	setup.exe
1686	1812	msedge.exe
2322	1812	msedge.exe

Executes dropped EXE 10 IoCs

pid	Process
4876	OperaSetup.exe
1020	setup.exe
4448	setup.exe
1164	setup.exe
2604	setup.exe
6728	setup.exe
2864	Assistant_117.0.5408.35_Setup.exe_sfx.exe
6496	assistant_installer.exe
6516	assistant_installer.exe
5400	aria2c.exe

Loads dropped DLL 55 IoCs

pid	Process
1020	setup.exe
4448	setup.exe
1164	setup.exe
2604	setup.exe
6728	setup.exe
6496	assistant_installer.exe
6496	assistant_installer.exe
6516	assistant_installer.exe
6516	assistant_installer.exe
2404	msedge.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc	pid	Process
491	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html	1812	msedge.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1422164188\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1545236511\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1422164188\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1545236511\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_362260169\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1855692409\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1422164188\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_542426861\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1548671065\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1548671065\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1548671065\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_362260169\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1806380412\Microsoft.CognitiveServices.Speech.core.dll	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1548671065\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1806380412\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1548671065\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_829532933\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1978001756\_locales\sr\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Assistant_117.0.5408.35_Setup.exe_sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	msedge.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	msedge.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	msedge.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	msedge.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876458667828335"	msedge.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-308834014-1004923324-1191300197-1000\{16BEBB57-DBFE-4A81-90C0-11E9DFF59DF5}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-308834014-1004923324-1191300197-1000\{77B4C03F-AC47-4C9C-98DB-A1049F44C618}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000_Classes\Local Settings	sims-4-updater-v1.4.2.exe

Modifies system certificate store 2 TTPs 5 IoCs

defense_evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	setup.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
900	msedge.exe
900	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2992	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2992	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1020	setup.exe
3380	sims-4-updater-v1.4.2.exe
3380	sims-4-updater-v1.4.2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 5860	2404	msedge.exe	85
PID 2404 wrote to memory of 5860	2404	msedge.exe	85
PID 2404 wrote to memory of 1812	2404	msedge.exe	86
PID 2404 wrote to memory of 1812	2404	msedge.exe	86
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 1008	2404	msedge.exe	87
PID 2404 wrote to memory of 2732	2404	msedge.exe	88
PID 2404 wrote to memory of 2732	2404	msedge.exe	88
PID 2404 wrote to memory of 2732	2404	msedge.exe	88
PID 2404 wrote to memory of 2732	2404	msedge.exe	88
PID 2404 wrote to memory of 2732	2404	msedge.exe	88
PID 2404 wrote to memory of 2732	2404	msedge.exe	88
PID 2404 wrote to memory of 2732	2404	msedge.exe	88
PID 2404 wrote to memory of 2732	2404	msedge.exe	88
PID 2404 wrote to memory of 2732	2404	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://anadius.su/sims-4-dlc-only
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f4,0x7ffaf7a7f208,0x7ffaf7a7f214,0x7ffaf7a7f220
  2⤵
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=2004,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=2456 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Mark of the Web detected: This indicates that the page was originally saved or cloned.
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2428,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=2424 /prefetch:2
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2412,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=2576 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3516,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3520,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3476,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4860,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5464,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5544,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5544,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6032,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6176,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=6044 /prefetch:8
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5736,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6252,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5752,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6192,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6020,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=5212,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=6416,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=6472,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6604,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=6616,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=6904,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=7056,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=7108,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=7204 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=7240,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=7344 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=7376,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=7480 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=7668,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=7680 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=7948,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=7908 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=8148,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=8172 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=7644,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=8324 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=7820,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=8452 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=7812,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=8632 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=8756,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=8004 /prefetch:1
  2⤵
  PID:6148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=8884,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=8908 /prefetch:1
  2⤵
  PID:6164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=9072,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=9088 /prefetch:1
  2⤵
  PID:6280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=8880,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=9224 /prefetch:1
  2⤵
  PID:6332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=9376,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=9440 /prefetch:1
  2⤵
  PID:6424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=8652,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=9584 /prefetch:1
  2⤵
  PID:6480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=7816,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:6976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --always-read-main-dll --field-trial-handle=8056,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=8084 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=7888,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=8112 /prefetch:1
  2⤵
  PID:6212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --always-read-main-dll --field-trial-handle=6932,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=7036 /prefetch:1
  2⤵
  PID:6224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --always-read-main-dll --field-trial-handle=6356,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=8124 /prefetch:1
  2⤵
  PID:6860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --always-read-main-dll --field-trial-handle=6920,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=8680 /prefetch:1
  2⤵
  PID:6868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --always-read-main-dll --field-trial-handle=5052,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=8684 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=9336,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=6992 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --always-read-main-dll --field-trial-handle=5744,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:6652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --always-read-main-dll --field-trial-handle=8660,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=8188 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --always-read-main-dll --field-trial-handle=9276,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=9272 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9244,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  - Modifies registry class
  PID:6884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6140,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=6156 /prefetch:8
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10524,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=10728 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6300,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=9040 /prefetch:8
  2⤵
  PID:6596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --always-read-main-dll --field-trial-handle=4940,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5296,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=10092 /prefetch:8
  2⤵
  PID:6744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --always-read-main-dll --field-trial-handle=5600,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=9968 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --always-read-main-dll --field-trial-handle=5320,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10992,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=11008 /prefetch:8
  2⤵
  PID:6356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=11080,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=11064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --always-read-main-dll --field-trial-handle=11176,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=11184 /prefetch:1
  2⤵
  PID:6940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --always-read-main-dll --field-trial-handle=11188,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=11052 /prefetch:1
  2⤵
  PID:616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --always-read-main-dll --field-trial-handle=10752,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=10900 /prefetch:1
  2⤵
  PID:7052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --always-read-main-dll --field-trial-handle=11328,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=10816 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --always-read-main-dll --field-trial-handle=11476,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=11500 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --always-read-main-dll --field-trial-handle=11692,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=11384 /prefetch:1
  2⤵
  PID:6776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --always-read-main-dll --field-trial-handle=5272,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --always-read-main-dll --field-trial-handle=11452,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=11824 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --always-read-main-dll --field-trial-handle=11380,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=12000 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --always-read-main-dll --field-trial-handle=12044,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=11656 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --always-read-main-dll --field-trial-handle=11828,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=11912 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=12180,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=11628 /prefetch:8
  2⤵
  PID:6624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --always-read-main-dll --field-trial-handle=11324,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=12216 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=3252,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=10212 /prefetch:1
  2⤵
  PID:6528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4992,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=11508 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=11888,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=10016 /prefetch:8
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10976,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=11508 /prefetch:8
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --always-read-main-dll --field-trial-handle=4868,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=10828 /prefetch:1
  2⤵
  PID:6612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4196,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=3872 /prefetch:2
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --always-read-main-dll --field-trial-handle=6568,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=7612 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --always-read-main-dll --field-trial-handle=11252,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=10828 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7556,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=8184 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --always-read-main-dll --field-trial-handle=7932,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:6168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --always-read-main-dll --field-trial-handle=7836,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=11624 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --always-read-main-dll --field-trial-handle=8852,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=8864 /prefetch:1
  2⤵
  PID:6796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --always-read-main-dll --field-trial-handle=3304,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=11024 /prefetch:1
  2⤵
  PID:6336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --always-read-main-dll --field-trial-handle=9768,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=8320 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --always-read-main-dll --field-trial-handle=9356,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --always-read-main-dll --field-trial-handle=5116,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=7980 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --always-read-main-dll --field-trial-handle=9188,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=10204 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --always-read-main-dll --field-trial-handle=6828,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=8000 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --always-read-main-dll --field-trial-handle=8492,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=6792 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --always-read-main-dll --field-trial-handle=8464,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=7100 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --always-read-main-dll --field-trial-handle=8396,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=8008 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --always-read-main-dll --field-trial-handle=8424,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=11744 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --always-read-main-dll --field-trial-handle=8996,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=11688 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --always-read-main-dll --field-trial-handle=11516,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --always-read-main-dll --field-trial-handle=7336,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=3684 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --always-read-main-dll --field-trial-handle=6944,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=3680 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --always-read-main-dll --field-trial-handle=5756,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --always-read-main-dll --field-trial-handle=11432,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --always-read-main-dll --field-trial-handle=9692,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=11740 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --always-read-main-dll --field-trial-handle=8096,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=7808 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --always-read-main-dll --field-trial-handle=12032,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=7772 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --always-read-main-dll --field-trial-handle=4888,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=7944 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --always-read-main-dll --field-trial-handle=4284,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=7852 /prefetch:1
  2⤵
  PID:6176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --always-read-main-dll --field-trial-handle=7508,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=8072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --always-read-main-dll --field-trial-handle=3260,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=7348 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --always-read-main-dll --field-trial-handle=9284,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --always-read-main-dll --field-trial-handle=4728,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=2548 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --always-read-main-dll --field-trial-handle=5452,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=11004 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --always-read-main-dll --field-trial-handle=4724,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=12140 /prefetch:1
  2⤵
  PID:6284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --always-read-main-dll --field-trial-handle=9508,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=12436 /prefetch:1
  2⤵
  PID:7116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --always-read-main-dll --field-trial-handle=12608,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=12580 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --always-read-main-dll --field-trial-handle=12724,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=12748 /prefetch:1
  2⤵
  PID:6292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --always-read-main-dll --field-trial-handle=12916,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=12616 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=12688,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=12628 /prefetch:8
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --always-read-main-dll --field-trial-handle=12992,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=12556 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --always-read-main-dll --field-trial-handle=9912,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=8700 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --always-read-main-dll --field-trial-handle=9920,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=1344 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --always-read-main-dll --field-trial-handle=7396,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9884,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=7372 /prefetch:8
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --always-read-main-dll --field-trial-handle=2988,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=12020 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --always-read-main-dll --field-trial-handle=5160,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:6628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --always-read-main-dll --field-trial-handle=6792,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=8024 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --always-read-main-dll --field-trial-handle=11716,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --always-read-main-dll --field-trial-handle=12996,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=10168 /prefetch:1
  2⤵
  PID:7000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --always-read-main-dll --field-trial-handle=11032,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=11676 /prefetch:1
  2⤵
  PID:6508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --always-read-main-dll --field-trial-handle=9804,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=8952 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8908,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=11508 /prefetch:8
  2⤵
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --always-read-main-dll --field-trial-handle=12172,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=3648 /prefetch:1
  2⤵
  PID:6212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --always-read-main-dll --field-trial-handle=9112,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=7920 /prefetch:1
  2⤵
  PID:6152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7536,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=8620 /prefetch:8
  2⤵
  PID:328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --always-read-main-dll --field-trial-handle=11996,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=12212 /prefetch:1
  2⤵
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --always-read-main-dll --field-trial-handle=13052,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=7452 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --always-read-main-dll --field-trial-handle=6188,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=11892 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --always-read-main-dll --field-trial-handle=5356,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=11644 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --always-read-main-dll --field-trial-handle=8568,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=3708 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --always-read-main-dll --field-trial-handle=11132,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=11040 /prefetch:1
  2⤵
  PID:6340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --always-read-main-dll --field-trial-handle=8220,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=12808 /prefetch:1
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --always-read-main-dll --field-trial-handle=9548,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=8780 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=151 --always-read-main-dll --field-trial-handle=7292,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=10980 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --always-read-main-dll --field-trial-handle=7564,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=153 --always-read-main-dll --field-trial-handle=12460,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=7260 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=154 --always-read-main-dll --field-trial-handle=12744,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=155 --always-read-main-dll --field-trial-handle=6240,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=3892 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=156 --always-read-main-dll --field-trial-handle=7244,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=3964 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=157 --always-read-main-dll --field-trial-handle=3976,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:6372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=158 --always-read-main-dll --field-trial-handle=6888,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=9416 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=159 --always-read-main-dll --field-trial-handle=9440,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=160 --always-read-main-dll --field-trial-handle=7120,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=161 --always-read-main-dll --field-trial-handle=8716,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=162 --always-read-main-dll --field-trial-handle=7916,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=11984 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=163 --always-read-main-dll --field-trial-handle=11820,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=9628 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=164 --always-read-main-dll --field-trial-handle=4720,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=8576 /prefetch:1
  2⤵
  PID:7036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=165 --always-read-main-dll --field-trial-handle=7208,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=13024 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=166 --always-read-main-dll --field-trial-handle=8348,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=167 --always-read-main-dll --field-trial-handle=9024,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=8928 /prefetch:1
  2⤵
  PID:6508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=168 --always-read-main-dll --field-trial-handle=5008,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=12092 /prefetch:1
  2⤵
  PID:6680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=169 --always-read-main-dll --field-trial-handle=8452,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=10032 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=170 --always-read-main-dll --field-trial-handle=11740,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=9228 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=171 --always-read-main-dll --field-trial-handle=6816,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=13116 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=172 --always-read-main-dll --field-trial-handle=5436,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=13232 /prefetch:1
  2⤵
  PID:6232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=173 --always-read-main-dll --field-trial-handle=11024,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=4292 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=175 --always-read-main-dll --field-trial-handle=13132,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7496,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9796,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=9472 /prefetch:8
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1480,i,11636077123686378853,9597500981101724589,262144 --variations-seed-version --mojo-platform-channel-handle=8088 /prefetch:8
  2⤵
  PID:7092

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1220

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:6084

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x498
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2992

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1660

C:\Users\Admin\Downloads\OperaSetup.exe
"C:\Users\Admin\Downloads\OperaSetup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4876
- C:\Users\Admin\AppData\Local\Temp\7zSC0327B1B\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7zSC0327B1B\setup.exe --server-tracking-blob=ZmQ1M2YxMGI5MjgyMzE1YTUyZTc2ZGU0NmU2ZDYzOTNmNWEwZGI3ZjBkNWI0NDUwM2Q3M2QyODJhOGM1NzBmYjp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPU9GVCZ1dG1fbWVkaXVtPXBiJnV0bV9jYW1wYWlnbj1hZG5ldCZ1dG1faWQ9cHdrd2d3OGs4MHc0a280ZyZ1dG1fY29udGVudD0zMjc0OF85NTQ1OTg2LTM3NzU1MjI1ODctMzU3Njk4NjcxMiIsInRpbWVzdGFtcCI6IjE3NDMxNzI1MDIuMjcxMCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMzMuMC4wLjAgU2FmYXJpLzUzNy4zNiBFZGcvMTMzLjAuMC4wIiwidXRtIjp7ImNhbXBhaWduIjoiYWRuZXQiLCJjb250ZW50IjoiMzI3NDhfOTU0NTk4Ni0zNzc1NTIyNTg3LTM1NzY5ODY3MTIiLCJpZCI6InB3a3dndzhrODB3NGtvNGciLCJtZWRpdW0iOiJwYiIsInNvdXJjZSI6Ik9GVCJ9LCJ1dWlkIjoiNDE1OTczMTYtOWRjZC00NjUyLWIxZGMtMjkwYTZiMWFjNzU2In0=
  2⤵
  - Downloads MZ/PE file
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Modifies system certificate store
  - Suspicious use of SetWindowsHookEx
  PID:1020
- - C:\Users\Admin\AppData\Local\Temp\7zSC0327B1B\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zSC0327B1B\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=117.0.5408.163 --initial-client-data=0x334,0x338,0x33c,0x330,0x340,0x7471c234,0x7471c240,0x7471c24c
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:4448
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1164
- - C:\Users\Admin\AppData\Local\Temp\7zSC0327B1B\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\7zSC0327B1B\setup.exe" --backend --install --import-browser-data=0 --enable-crash-reporting=1 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --showunbox=0 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=1020 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20250328143516" --session-guid=cd57ff2e-9bcd-4b02-9112-58c5b041c7f2 --server-tracking-blob="ZGY4NThhOTI1MDIxZjAyZjM5MjQzYmFkYjdkNzAwNjM2MDhjNTFiMGY1OGI5M2FlNGI4NTIxM2E1NGRjYzdhNDp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPU9GVCZ1dG1fbWVkaXVtPXBiJnV0bV9jYW1wYWlnbj1hZG5ldCZ1dG1faWQ9cHdrd2d3OGs4MHc0a280ZyZ1dG1fY29udGVudD0zMjc0OF85NTQ1OTg2LTM3NzU1MjI1ODctMzU3Njk4NjcxMiIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTc0MzE3MjUwMi4yNzEwIiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEzMy4wLjAuMCBTYWZhcmkvNTM3LjM2IEVkZy8xMzMuMC4wLjAiLCJ1dG0iOnsiY2FtcGFpZ24iOiJhZG5ldCIsImNvbnRlbnQiOiIzMjc0OF85NTQ1OTg2LTM3NzU1MjI1ODctMzU3Njk4NjcxMiIsImlkIjoicHdrd2d3OGs4MHc0a280ZyIsIm1lZGl1bSI6InBiIiwic291cmNlIjoiT0ZUIn0sInV1aWQiOiI0MTU5NzMxNi05ZGNkLTQ2NTItYjFkYy0yOTBhNmIxYWM3NTYifQ== " --desktopshortcut=1 --wait-for-package --initial-proc-handle=2809000000000000
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\7zSC0327B1B\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zSC0327B1B\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=117.0.5408.163 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x7212c234,0x7212c240,0x7212c24c
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:6728
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202503281435161\assistant\Assistant_117.0.5408.35_Setup.exe_sfx.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202503281435161\assistant\Assistant_117.0.5408.35_Setup.exe_sfx.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2864
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202503281435161\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202503281435161\assistant\assistant_installer.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:6496
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202503281435161\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202503281435161\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=117.0.5408.35 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x503d24,0x503d30,0x503d3c
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:6516

C:\Users\Admin\Downloads\sims-4-updater-v1.4.2\sims-4-updater-v1.4.2\sims-4-updater-v1.4.2.exe
"C:\Users\Admin\Downloads\sims-4-updater-v1.4.2\sims-4-updater-v1.4.2\sims-4-updater-v1.4.2.exe"
1⤵
PID:4368
- C:\Users\Admin\Downloads\sims-4-updater-v1.4.2\sims-4-updater-v1.4.2\sims-4-updater-v1.4.2.exe
  "C:\Users\Admin\Downloads\sims-4-updater-v1.4.2\sims-4-updater-v1.4.2\sims-4-updater-v1.4.2.exe"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3380
- - C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\sims-4-updater-v1.4.2\sims-4-updater-v1.4.2\updater_readme.txt
    3⤵
    PID:4944
- - C:\Users\Admin\AppData\Local\Temp\_MEI43682\tools\aria2c.exe
    aria2c --no-conf=true --enable-color=false --show-console-readout=false --summary-interval=1 --human-readable=false --max-connection-per-server=5 --split=5 --min-split-size=1M --ca-certificate=C:\Users\Admin\AppData\Local\Temp\_MEI43682\certifi\cacert.pem --file-allocation=trunc --auto-file-renaming=false --input-file=-
    3⤵
    - Executes dropped EXE
    PID:5400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1422164188\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1422164188\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1545236511\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1548671065\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1806380412\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1855692409\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2404_1855692409\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2404_362260169\manifest.json

Filesize
118B

MD5
3e4993f878e658507d78f52011519527

SHA1
2fce50683531c5c985967a71f90d62ab141707df

SHA256
a2fb35b03e24f5ba14cbe0e3c3d8cb43588e93f048878b066fd1d640ef8e59cb

SHA512
9d24ef876ac989e50e9d4d06732a4c4f61e12df366b3d4e5ff93d6a60badac36c3e55e7f13c2539ecb525017490a887fc56580ef8e83483019041ad9b13358d5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2404_542426861\manifest.json

Filesize
141B

MD5
811f0436837c701dc1cea3d6292b3922

SHA1
4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87

SHA256
dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d

SHA512
21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2404_791599291\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2404_829532933\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
01cc3a42395638ce669dd0d7aba1f929

SHA1
89aa0871fa8e25b55823dd0db9a028ef46dfbdd8

SHA256
d0c6ee43e769188d8a32f782b44cb00052099222be21cbe8bf119469c6612dee

SHA512
d3b88e797333416a4bc6c7f7e224ba68362706747e191a1cd8846a080329473b8f1bfebee5e3fe21faa4d24c8a7683041705e995777714330316e9b563d38e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000007.log

Filesize
21KB

MD5
955c16012e26a11e4524550d19d5ec42

SHA1
78237792b4d248efce2ece0d8de9e132cb148f33

SHA256
f256714084322e309e20619af9b50b87a693a1407c071e55f81f340b4dff39f2

SHA512
75779a05f53ad0f93ddffaacfff310cc119f49dab47dcf6ab4055ac6d8fb8ab2c3b32570eb59e84c9ad933fdc21f546c884ac3dbe6efabebe5040f91a326b81d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
334B

MD5
4527bfa4b014e20a15656e3a0a61b367

SHA1
21e4b4d7aa04b3985a9f0939ebc6bbb72ce9340c

SHA256
6576bb1bedecd72943b11a4bbbaa24f1fe5f99cc0f60a790c1a381c7c3d5ea74

SHA512
f0136e8bf3f90c51da52ab61d6b02e8a8012b1dd51a62b568c8f6431f8712a7c161ca785afa2f04f1a7a23d1bb95f9168ffed4f1cc9b4a6d6934dcb7ee09a274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007b

Filesize
32KB

MD5
aa3159638697659b2057b213a9313373

SHA1
7d5359cd261fcf85a6fddeda60ff5d63ac4c5a35

SHA256
57b3da68376160f19b4b493f27a737aaefbcd074891df565d38b0b227e7560d7

SHA512
936d97b295cc8235596269fcaa2a542de8b64f7f54ddb3b2b4f5d9a283726c45f1bf4d1b5b00cb2f3f33762c8b7714f6934ff5f290f97632278593006679d0cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007c

Filesize
112KB

MD5
d527a1a7218c4a05c0a59543659aad55

SHA1
d665da8591c0f2bb8969df2f971d7a9ef6408395

SHA256
9c97c1c6e606afafa0d26283922fb8ebbca42944c66587017f6afdc9df013ca1

SHA512
17f10068872eae6e380fdb1affe22fa33c02ca039175e18e7a24218d134ce0c5550fdc529ab3a5ecce029c50d7a1ec63bc0d2abd00787887adbee6d2ab34ef17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007d

Filesize
31KB

MD5
39d0acac116220a104af47b710fed110

SHA1
77719b85bac60af093ebc7c75f9282efedba0f6f

SHA256
23043de74118580a89c802aa3e73d62b5db9d72bbb88b71a308cf4b9a3d6bc77

SHA512
d390b33582d1595c4a7162ee0fa672c8b79e4e40aeac7e79440438b1ab95dd13926c5e3d840a63c03294e44f2d37bcccf827267e2b23edd4c60d45475a566714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007e

Filesize
182KB

MD5
2d8abfa6a5e05d10745f077c4c4c4300

SHA1
2bf45ef80acfba0c7366c3997f062aa848364fa2

SHA256
f72feaceb8b7886205739da4037ba07471260e77b02f2ab8d968fc29e8ccb123

SHA512
d41bb608d8d632316152793075711ebafeab2c7430df18b08e8d11490c843a744e57d5552cc79b7ac582655bcc93ce5f9db386f922280872b621fb993b9c5237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007f

Filesize
24KB

MD5
5706fff60d8b5ee38ad3bb603b7bcc74

SHA1
f7ca9943f6aaf368e994b450133df4064870293a

SHA256
d90d5c7eed2c87bed04a2d752948db95e40ce34bf17e6e0bfd1656be65f4876c

SHA512
9d5a3252dbff41a9daae6631775110219132f848d5d1a710c69ce6140fbaa957f810e8148ec993c921a127c1126cb0537eb6364d0048024a146c3bd0f89c9a3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000080

Filesize
92KB

MD5
d2567667c6794f813ffce6c17ae84721

SHA1
baffe6f1e226c9e26a4681e253274c44f9d6d847

SHA256
9566d37b1cc62a2f976a47339175b6ecba23151f525a7308a907150c1c90c736

SHA512
0954a29b8e0864501140e25ec57c3caa5dc8a5e63b970fdff0e13b75c0a35cce8d9aa67a3e4190c872ef3a1f233c50650e47015dd20343660001ed8b6a61b724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000081

Filesize
18KB

MD5
c166834099a091f4dd538d415abb3f06

SHA1
030b56f42e218879bb50f88ba7277300978c4aa0

SHA256
cb0031adb940a2a05e7539ecbb506583ff230f229175cbb48aa1d258895bb2cb

SHA512
daec7489cba79d799bc85af99feb6797be13d80ebe00cf7e640c5324cc61665e4a15869202c974434c11ab9287e330d4f75c50cc447b4bf3baba08df598e73de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000082

Filesize
16KB

MD5
89a574ff00e6b0ec61d995d059ce6e65

SHA1
aea09e96808ab77165ffa712eaa58b8f056d0bb6

SHA256
e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44

SHA512
30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000083

Filesize
29KB

MD5
e6ec1df39aa8d07cf330a72f47196abf

SHA1
801af4548a1108d80264f289a2c4198cb273c2c6

SHA256
18117406ad59b6a0d16b1fa1ddeb2d53210aa3fde7a2d3ea00704d3187257ca2

SHA512
ec806a7550dd0f9f6b0e8a14d9f00277690b771230829ba07f29807412a04b337ed893caed31363ead5cbb2e933cc2561643e1568c22094fd216d4d950bd12e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000084

Filesize
30KB

MD5
6fb26b39d8dcf2f09ef8aebb8a5ffe23

SHA1
578cac24c947a6d24bc05a6aa305756dd70e9ac3

SHA256
774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059

SHA512
c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000085

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c3

Filesize
29KB

MD5
b86c5440405fd643e40d60ebcc415dcf

SHA1
72125461c02a765f0b843b65fe42662134531ac0

SHA256
da169610bb74a50c731945d339b5c21c529db620eb16482c97ede5190a367fbc

SHA512
b53229c2bd43d688ca88119cbb9104109d956edfd5e059770d8e6c138b2e104fa3f4a051dceb72dc9389b46b9a0ff96e16db52210c096990a4e05afa8a2c2a1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\135a9e73b7a29232_0

Filesize
252B

MD5
939738e5f9f26ae358ef33f34f2988d4

SHA1
f3df0e3a63fe560bf1035ea857209cafb436a0b6

SHA256
5c72005976626f9f7f2e9a72ac73b93188a660d8033035b9ca5b691d87e7dd9e

SHA512
2383523083829eead20fb4c98a9d488fa0c7df0267cd4db25b17a8db074d381423609c8114f1c9f27083d591dbedd5c0c5fa26d83f9d0a50b45412c72fa9108b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\135a9e73b7a29232_0

Filesize
212B

MD5
16de3abc88ce41388803cac73dc652b6

SHA1
294632be932e77e053e12125d6ad8e9f86404093

SHA256
678a585293516cc59b7953d0dfa80ef67aa7888a4523576bd8b101857d77387d

SHA512
53ffc2a96d9adc31c326d6060075a77ccc06535c450b3600d23471b71d0291dd03ec3cc6b33c1c4cd495d15d072c9344c8fbb0edaf8ce7d54cc5e06c477f6861

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a3cd997dab547af_0

Filesize
41KB

MD5
b444a3c25c4c9d409db352ea86efdd0d

SHA1
6ad83fc7beb222871747c2ccbae8aced2a33c140

SHA256
dec148a1d76df725cf62169cc4eef5b4e001f6712f2b474ee7a09495d3adf9d4

SHA512
bc16bd93bd5289752acf6cc7ee7dc7d258857cd6cf1caae73b29429d49e8a4a96d7e9aa9098a7838c238f3b6098aa1b5e3de77e8091739f7eadb1c3c9c99b142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
3b145f7c7b25fcf73bba779daa08675e

SHA1
e4a4668e77ed93b2cecbdbdf034685d99fd3e041

SHA256
f6f67c8473cb8b576cefa90f8c203dbcc1e37e4ce24d15dc55edf43643d4046c

SHA512
d0e3a177cc3879cedd6a50de52033637c35d617d68ea0badd0a10009a1830b66bde270606a2bd166b57ec8fc2282b7be5e88a80c7c01cc29d9729a47e462c152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
3a70b5c48fdcf9632a6468cc5ffd3895

SHA1
5402717299a6235f339eb40c807586a747871b4e

SHA256
3acf599f89fd9b74242fee94132432fc6c47a1feb9f2caf1c19e372abff01be9

SHA512
555a38deab784ea9cf9dcd14766fcdaa7d82bff437f5c11d2995aef285e83c94745cc64535f48706f48a719a07aa37d7871e01aa514a17aa3e2c3d6d6e2c53c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
e45e92abdf02ee61f13e0e15f3f36a45

SHA1
1a011b9da682482f96ee63946e3ab09a832f5194

SHA256
f609c2d047a10d14cf29cd4fba8851ef2efc40f521f1d8ddbadfb2277981c30e

SHA512
644edb65854ad111e91b7454ce9fff4812eec1c5b911a872edd88a76548fe7ee452ac5c9d9905d7e3039bab727e25c5b0f03519dde5460c3b685849eca76db1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
68bfe5210fe802e9b365f40368384e5a

SHA1
5851343dae445732791a5de9f92fb834edd5c75f

SHA256
5ad1712621b0de3c97ca33222310c4ffc53db1f233885c57fc687d1f6f9dd2b0

SHA512
653eb7051d35bb33529c7547a2bf831ecabcb32cb3608b2b1df8738ad61cf276dc8fc617744baf76975afbf926556dee351f579b96204b5e4cbcc5ac086123fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
74aedeecd0f2985025a6d2c2c55e8bfa

SHA1
4feec189b379f5c514bee7f195c887547e9f1884

SHA256
72c9c2ceddd4ff1ade59cf89f9ce79c678e1f2f09dc566b131d38ac4e554846d

SHA512
6c7e7fba824842d0b77fa898f45d60e095d2558545b5c19842d6cf5072bf53788a8a99724813c66843c19acff174dc6ac894a025965fba9db01bd649063df883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
f17b303d01281d4bc4223677858bd509

SHA1
3ef643610a87f1ce7c970da0d3754a7c521698dd

SHA256
7881aad62039103dc083fa2f09ed2e3bd180ee104f52d4b734ba7807dfac2a02

SHA512
37e8dcd5067ba1c18dfa3c6084e257968c37f9ae32f48eed64e2dcb1e1f78db042a37fdd4bf858138ee2d2ce5229996eed66d8aa18d5170684a0face3df2cf25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
bb921c5a1c47efdc8b8a128a9c0c1cb4

SHA1
491f50cab61a2b46e70f279df6d2aabff421093d

SHA256
0c5a652d678173cdfc5238ab6bf9936f6160639e978ae69d5108e6c0201c6efb

SHA512
56968d9516dc86c6f9f258459362aab3964645bbf5a6cfc55303de80861b801843ac36fa0f322dbacef51424606be0fbd9eeca5f6894287625434781759a7927

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
220758babf9746eb7b969e204beaf204

SHA1
9f9e24b20285c2227a59d70d0f2f7ce8d7555b2c

SHA256
9ffb5fee6fee35cd5bfb26ad6a8828a0c107b7cda01075130cd0ffed66a9c210

SHA512
2373b4740b3dabaf1c7faa835baf33a5463c2a55503d7b7d82cfa1737372a7b7b9c861674d1c4546fa79ec8e50f380eb8979bc1dd5ea8bd0320733e7c8cc5945

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57cddf.TMP

Filesize
3KB

MD5
36d092e2614c649636d38e4f8d3f03b9

SHA1
c3667ddf32e86aeb50ac2487c9e6f88192904cc5

SHA256
d68cba51dbfd28a52528b94aa467c0dd3128037d3725694f084c63dea4e13983

SHA512
c71ea5a3d5213d04a9733bd0e97f3643414d38a6c624da9bee62661bab3cfd4883effdb7dce878dc7baf595e638966a7dbf1e5c97e8945454657ef3b4da5f88a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
0d45c023d449ae5d60507e22fc3f0ab0

SHA1
654ba09a8e3df68017931ac2a87b27203fe77087

SHA256
f7865385cb20aae9d7997474c659686c5ccc1a38b7ed710912669aa5b5c5fe34

SHA512
c2db4e72b4c43bee577a38c672c729dc8d964f2fa6558beffd5605ebe0a37c30c06834fab7cdc4525af2052a7bc5552f7f9db4bfd85c81a50c3005b2effe36f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.datingdealshub.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
40KB

MD5
77d453d404bb9d0efabd43c984370955

SHA1
51c850e204f0266549969c9a6d2dd8fa3d902727

SHA256
16d36c38aae6d7da74dcbf711b1bcb9ce706cf96e14eaa8c218bde20cacd3544

SHA512
53355f09a2e390e6b0563394706cf36ac03c8092459029dc0c313b540c852d991ead2410090850fc1eeec23a9eb95f2fb91b434495900c720b0907b0611b6b78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
23KB

MD5
e1ef55345db0b9cd435bd2c28e031eea

SHA1
5fba9cecf1ff19c5e59b664f246573dd22be6620

SHA256
4f6bf3b7b7d01ee36529d95d3051065729ee649c1eb84f39aa32b67579c466bc

SHA512
0a317686878e00197c97221f510d182262a6134a1d2c17a1fd3febdaccf2e7ef238baa2dd889b44a0730cbbc7fb988c09dca144dd505e1e566fc887f02fe5356

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
41KB

MD5
22e4664996f743eb9396fd4e2d905093

SHA1
0f783725191de66a5c1c30f39ff212bf28bfa6cb

SHA256
f79de1d72f56801c7da73075669ad3ec3722e222766547c79048ede3fa296e37

SHA512
63423c5036d299ddfa83c6764785d973c578dfca32766d2c721eb38089dce8c5803393d22689d90bce4a18e1d2bb05d0ef54b5e72c370b5eb5d31587f029244c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
31KB

MD5
673dacf1ac969f5eb5dda0965a374016

SHA1
980bf0d23e8a93db6b0cec67ba48103c8d13d91f

SHA256
c9297f84a1156d644abf1264d04c81ff1f911252cad90728a5fdcee19681cff4

SHA512
97b14dd1d03c4d4fc9c35afef8e814f86be43aef8b6dfc3b3ebd84726dbd51589988bb0aedf7bb32fff0e07af77dffb3de0315ca2cea019ebd10317b841b1626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
33KB

MD5
0eac545530c10066adfc795bfd2e475d

SHA1
9749813f4d8600d0350f1f63a59a5323c314fbd8

SHA256
807bc68156bc91d6532c2ee56c3da8f28c28644ad85864e55570440201788717

SHA512
1b8e7d52e841f5a5cca2f7b761d82b193dd0ec89881bc60fa8cfc94591b8bbeb5715f0fd53786fb55ea479fabf04a57d0884baf5c8c062f709bf5b5ccab7dcf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
f6f9bc395b71e40ed2124f29243aade2

SHA1
7eb7a15fc3f8fc761f232cdb8515303e68be78fc

SHA256
d3eae70acfc9f90b7624544fd708b8170c730eeeaca6d979245e9f3b29c2d8bf

SHA512
4c046fc214650f0df00f83346ff04b8043e7551d96745cc4ee720c94b8affe609f9cab909c3f039e3f190666dd400b3df5ec7927e96137d0b1bf6c86181e173b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
28KB

MD5
d771a066c83d48a714eabba3874eba94

SHA1
ba3626a82fa588cd27593366e930e2643bea31cb

SHA256
0f1cf50cd026551de36b5176cd36176a0c386dfa2096766ba7fe6c41b4075a4f

SHA512
fd2e908b160134d5de9871ee72b4fb10740b0608d60c9bc64cbfc25e8d9fa8bc4cdbf2d7f6d43bf63a9830c8fe62e4527553f0922b00526fec72e2382bf369c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
33KB

MD5
73bf016fa31450a908c7f69528dcd323

SHA1
a16be09ef1658d5712cafe258229f09829554e73

SHA256
2583a575b361e4cd03ffd6ee34f608e33e75e1e2c7c83110f8a9ff772e3bd3b7

SHA512
389e3878592a02594394be7cce6ef5425b005e76730f01fd6174b106ab0f97957369f4eb6901cdc8ac0556a83fd639f6f103becc3faa1e9b52b33a7a903783f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
c3daeda931dd91e740c9c1b1b4b2b334

SHA1
dc696f541539f82cd878c7e3f5c02d1e91850791

SHA256
156d76a9dd55161f1a1482d454c6908878a8a280463ba03b7dcf96671e674c11

SHA512
343cb9b54c2e27f4a823083aac77ba1b9e60cafd3419fad8d55cb19b150bc6e1850abb7c61ab4c84c0d2203bb8e6b4c96cf2cac8bd9778b9edbd74e77779f790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6be0ea5b-0c11-4491-8571-7ff62c7ad5ee\index-dir\the-real-index

Filesize
2KB

MD5
8f76e47ee799e82883f1f09a36c53b02

SHA1
45f6e0e674d568b217bf2f8e8121b0b164a8c54c

SHA256
51a1abc88a2ed85612502f68fb61bed8cca4e090be481ffc6f934ab22b88ddd3

SHA512
49f787fd6af7bc4f56148c0ccd0df1ce054033536857e172597ae5169475ee574fdd8c6607f19e9af53c7376476b8d3f87a04cc5f602e1d8d3aae5fcea191b40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6be0ea5b-0c11-4491-8571-7ff62c7ad5ee\index-dir\the-real-index~RFe5c11ca.TMP

Filesize
2KB

MD5
da046d40ec45ae4b5555e46ee13ecf5c

SHA1
6065a540e0f981043852b8f78b0b60863b9e9218

SHA256
305391c55197e539e6ce470a41ccee427781207d5e4e66fd6f3e5cc5a9329aed

SHA512
a9ecafaf81ada98ceacf6e50dfeae4a28cd7fe2c935253d0e1cacbf800299da4171a4304ff4721ec321d5f8bf5b3f74e07858e3bcf729aafbb30bfcebc1435c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
c5c2975c5da89e408d6310832cf05c78

SHA1
dace3425f2309d73b11617a63d9c415d35a519ba

SHA256
4abe6839c8ee5583dd801e90645a511f6ef97cf26ac0857d9ae180bb9b28adaf

SHA512
24d452611f02c283f84feded7a4fc565f480319a2d47134329d2b1cc565ed100105e1f032a99d8148536fa17b9beceec23bc3a578997f5d0adc0a932f1d220ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

Filesize
46KB

MD5
b2dad79c789ab7ba97d9d8484bb66342

SHA1
928d354ee857a7237638d4cdc35fcbb9daf54959

SHA256
23853ed78f272f8bd193950f35dfded63077dea16651d101034dc06ed845b91b

SHA512
92c1346f49421ad9a9029e4f612a9a145bb639595e26ec21cd01cc86f0f524af6f1ed8a070f83002288472b6b40d0031a185d9e3fe56c96ccdfbf80d5e001ddf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
52ee9b0448b950c83b686825fc556d54

SHA1
2e53715b7350680d04d4f3106ebab1de6c4316ef

SHA256
453108258cc3f974c54e643301ed89585770f8d7e7d5ee961cec720cc4c408de

SHA512
49a155f86a51c4d4d5871ee06dab5d9d3de3fab49181b9313b6c06660f68a943b91488a6e3fa2b5a4301e763b47fad0cdbedf7097b62b935e4aa186d545455b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59e219.TMP

Filesize
72B

MD5
b9027065c3e0409971091fc00bc98200

SHA1
dd081b26fc038dbe28d12de1a551faa455f9c25b

SHA256
62b58cf942b458746c35ad986fbb554d3da724c0376c6b6fcd9ab5a2697c3f8e

SHA512
f31fbf7d9070cf0ad9235d32646767d6d3c3cabe85bdc7af20c25f26ff8e4293b46fb8c227e1bfbe4ccebd7ba8e512dd0216fceffb09a9870f5c0b1b3ab6ec40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
bdf4097da242faf8c7eb02faa8920ddb

SHA1
81733f71b46bb54d295f716dd6f98580b9964139

SHA256
d63a9080233ae8eb3f19157ecbe09d3d00812b7be77ab7713e503688d4c14e90

SHA512
67a62ee9d5984baf19c9b5be1f210d250ce0f8ebac86dc743bb0db80cc41b11a23424a5d5801cfed6d28a40f17700170cfe1df915adc86c239787b10926660cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
181B

MD5
37d400b84c6322d04c6d16e1eb5e3481

SHA1
522417acdab1240d88e54fca65c98c3e56b51186

SHA256
de1840d904556486f981762fe09b514ecbd2c155a699e089e459f3d1d84816b0

SHA512
bcb41109f56f81bd73db4c989f6461990276e6655bf26d6ce519f2cd64f4f33a27a4bfefe0e3084b8ba7f42a573f2b661565ee7fe3b92dabc29349c5f610fcc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe5952aa.TMP

Filesize
188B

MD5
faba971cff334d3cec9dd645ea247323

SHA1
4fafaf97fb16f8fcb057132206389bd550362f8b

SHA256
51ef1fb70314b367b4e29e4e56f34326eb418af27cc4fa006c0093c8e9a7d97f

SHA512
e6203e2cd151ae105e4ed8951246852a8a1958dd25f33815057992898bd1808d5172a2ca254f9be0885f6587b1969b351a540c3a81aa0b5e5dbbb90d8e41835c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
c49422882fc2366277ed33aab8110f13

SHA1
bf9136f40d38c488be764dc110244ed8d2295b8b

SHA256
ad601453ed93a2307156a544ad5cc6bd2a0ae1983ca94d12ecb5088459ba73bb

SHA512
d1e9371b11f644a858826d3d65e90eef642490a7b1f13fd84aa60878daf62ce3e458aae89416409ac979c91271f10c84a0bf41a702639f112eeefd0b07e5c214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
051d903aa686540ad07920b961cd3660

SHA1
bfaeaf886e1c1ec5d291495b25d9c08143b551e8

SHA256
b4c7c35f1042c1377da2ac7589e791f24fcc11bd18348a04e450b139063c2ab4

SHA512
b4173004197421a90dbcb0698d992b3cfe0059e1671d9aa3f8e471e5db613095f3e7fee5bbe0d74f57143265a4242a6e622e570b0b4215814f052318f8847aba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
075ad6d49e56cea141c0ad87e52b7b78

SHA1
db923823d27eb55f201b321eb84a2ac67937ade0

SHA256
dd806a2fd1ece5dc04e46133c098fbb631ce70d8b6dec798b00da715e279ef10

SHA512
7627cd3e4c2cd50b7bb09ebedcb737f47fc627b6396d10d673b5382c65dc36a62e411a6660e0c0b1066003d9fda9701f5771892b608b4d6a8d8b1bc0aaf03f4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
61c8685410013bb9678299a64f9587a4

SHA1
4d9c398699d69418054f498d5f20099b737cb3d1

SHA256
286bb84a2f23da6684dc4e39892b2af0dec976a4679b039861b626f26b03962b

SHA512
ecc2e84bcd6a80bc39825d04c5d815aa68ead93a4487270366932da205a70c502a562802928ce314d8dc7f2cfbd25c07758e63dd07a04b83cfb998ba14596565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
fc803ce1e81d919845dea54ceb58cfbe

SHA1
b6b18b2189a095b5e1a202797b93c132bba0f162

SHA256
38a31ac57f96eab57e7774a64b0641810e053f6ec04901cc76137964fb342bcd

SHA512
4f330d24e37d4d7ca7cc24e22a735a5b81ff3a95d4fc8de1dff32f5ab1341bd5a9d2d70bae9d3e4db107fbb49ff62008f31f3ebe5705f38395a1e72e3b7e18b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
d81eb58119efff650d680d2bdd6465f6

SHA1
bad84c9db7ff89c349933383ac35b2a0aa6cdf40

SHA256
c4999bf8aebc2a1d8e6f22a93005ea9763e87dd8aa08d3fb8ca270dbde9ade07

SHA512
39e5f1ceeaa00697391954aab690a20312b427d85c26048904d90f1b7a5e11016a28b9f0e47f7f43b50f781fec75bc40fc6cc04712ed613f0e9bd8ee9125f0c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
bf02912a0b472e26f873e8b8cf865c8c

SHA1
bb2928220b876b1a23a40228cd0169f6687c61da

SHA256
caad3338395e621d270957aa92b14262eeeff091266f16d88d44d045e46015ff

SHA512
0fe154ee60982b318bb6c9542d166a7f1f4873e54a2906c106865d77ae18fb00dc0abbf06ee111b7dd0673daa0faf93946151601318c4dd4f3591d0917ac8e0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
ae3500b565aae88d38ae022dd776607c

SHA1
5004ea1cf0dcaa8f0b6a53c4dc5bbef67fb3bb5f

SHA256
51a8e2e225fcf1aa8ec7c959e39197047c70f6f6b50e3ffcf5282c39f332ab9a

SHA512
f0fc91f490927a9489db3e30f9fed8f7946b5f6a703b77911242b90611f0f026e0b2f4423d936bdc7a42a12cda52c1040abb74232799896b5c41164af4641db1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
1a8471431984fdd6b1005f162e87dd71

SHA1
48da437a679808bd5269938b86d8e8064dd1681e

SHA256
733aafecf394977ad4a85e87359415c4f3f2a71cd9e9ca5472c67a912c362fb0

SHA512
329e5bb0bb2b438cc54dbc006c10d97f5de1e6c82a00a5ef18128191645d111113884e4d8708fb971902038ad409c8752c4eaf324cf8d2a5bf2b1f795cdb6bf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
8f11cd53c6609f7b88080b39e31a5093

SHA1
11fd0cb1a2ebb16f0f601e41fada5ed531e88fe9

SHA256
31cc94a5fed763a02b2c87cb58864948964c704f3e1c8d75e193492559acd296

SHA512
fc2d596edbf6061e3ecc391912e67ea5c87b115bbfddedd457a604e4d035681f0c09ca9f1a6c467e484a112fa29e5813c738f2cb22d326c5d0eb6ffd4b0e882d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
351db444cbd6f21c00478a789c0d6403

SHA1
630ba9fe19d5e4b32e6be4211d8f4434a231ea34

SHA256
cdc2a4fc8d6f97b794bcb60e19fb17b2c28388f74082fd7a03404e6d0cf0ff34

SHA512
84338b22ede97ac33cc166050560f4b23a245145f4030708c9c20d6f581b838523ecc0758998fc5bf49484e148812ba678633d6e0a1123976386493ebd7335aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
fb2b59498234cef4f0d37a4a4eb3197b

SHA1
14d76ab0950bb450a30e3be30dead3b6906443e8

SHA256
c5c644b9e44c944d18e376425ad43b3f6a80001d5b5b166c963a41ae54353b1b

SHA512
a878cfef21a4790a94cbcf1d8d8a7b9221620d8b1ec9116ba3de3d47096980e3adb169581b0f1088f540df0ff48ec45d2f2085bc8cb5e0e4cf02749e691225e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
66aa31e5918a93a754b2ebeb7659a83f

SHA1
c3cd718789760e80e31964e090aa5667539ef0e2

SHA256
954528bf2a27b0f0d8e51a8e04bb0bc3326d339b621cec7fdde9ae0465c65301

SHA512
62e10c9436509ac95b97ff1d735bc48f27036afe23d5bf19093f8b0a0cc66a2a2de1fac54bab64317d39e680b1c225444dfb0394e273367b427e62e2388e606c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
4c5231694df1b0d50100f59c818d9fa4

SHA1
45367fc57ee2afff1230136e612645f20cf9641e

SHA256
d6a7c43b28f47e1b7080ca3d647ae12b36a95a5ce9388c5f5eaea8a97675b101

SHA512
e991a83c69ef3e4ae9cdc3e363eba7c3ab73fccf8f3a866ef0635999d6a02d7f968296eaa2e6859cfa0b60f5f3d2bbb52b321b132a0ec6b7d3ab415d04e79143

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
ef365fb841c6ba5feff60861182ca025

SHA1
afffe71abb312131ac187a115d61582acbe90c0c

SHA256
a05a0f699da2ef0c6058f30a83ffbe44bb83fdf30ee671b8fccaf482d0c4c097

SHA512
b0930c586e7847592dfaa9834cd1e5c23f23f806a6525a12025d170dab6383eeb763954a8cc572f98fdc5cfd8123894fb88eb8cfc2bc63aa20332d6b00b05aef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
59dbaee40765c601ee7d5e3a88a644af

SHA1
6fae73c40b62ea4aa6c5eacb4b17c68324347c50

SHA256
af5391c02a44c1db7f7fcaf758c77e7aba7353727e4478f7aac9e507026fb318

SHA512
62654f3758aafdc70b1e406b9c9f6eac72a3a2566783b8e49e6ba7d59373739821448286267f65d3598d7b83f467de3eae7ee6eb5ae5913944ce0cbeb7b9ad05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
7aa485167873935e5756fdaba21828d2

SHA1
98392647cc0d75a7f148e7118715012572302504

SHA256
f473ae7f8995ac2ab4c247bec5845b7133ea5cd7d422d51b6677af6cf57b4599

SHA512
154f443bebd789ab8b62808ebd066ac454c9e10384b232cdb24d04fbd8ff764c570a28ab014d8e7a2f2c1e6b14b1d9da44cd1424b9213eb92f94bdb0bf5ba87f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
3ec6a57d81414cd62c0d47913624394a

SHA1
4447321250a28d4c4c71dae98f1adb2606275a1d

SHA256
c4b1a448dcf5ecfca714c9c6dd9ff5db9003a6e0c192ebe1a660c04bbbf063cf

SHA512
68f6257035db941fce337a4548a30cca87c358b046f5911b277010a34b0e70993021242b4279ee47fdb879bf2d12d3c1830761a1252ac21c26aaebba968ff880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
a014c7055bb8ae3deed67237acaec3c3

SHA1
ab6056accdc74c57655d1ddaa3cd5e89757dc3c7

SHA256
6a2df6d1079be28cb9e1ced541ba5db4d48f07679d18b26ffc6b08fcd222cd2d

SHA512
73300394506a53b9e93399c1f3d3d4b58a1e7593ad365bc269d88cb3e9bb3e1e06793242233e8067b50bd348d047fe72cd71bc0dd6c5d57d5a2a5ce023420080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
330c8c309e1b0599ab9c566ae64c2e9d

SHA1
7c88609874b2a0765dcf550e2e70592c41f19092

SHA256
08af6b847fa6f83873f62fabe85d4ee33c01794b8469e06590951a63853f56f5

SHA512
70fadab716b4ef781a47e37932515f4794983ddae9a37c29aa2d23e0902d6dbd3fb3201e2d6dd737a9073861f28468acb8f87d150469fd5801ba3f2463d0a3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
e8481c6bba6f6109ae280dc14aa06617

SHA1
e64513c77556fb6cb54c79fc573714564967e0fa

SHA256
b7d9fff1fbda05465bffeb4bd35479e3a613138961e87fb9ee6842145360b3ef

SHA512
98d3acc93b74165f7a2227c5f11066a29ee2f38f0418701ca4820f608524c7b97d068c14ef3ea5e504065b6efc1b0e4d712e697da714bc929d30303cfca3cfa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe58311d.TMP

Filesize
392B

MD5
c8b4f2fad638c8edda2915179438ebc5

SHA1
fa0cb2cb638f4a9a3bea27eb98096054f541205a

SHA256
39c6bd21689a500ac0a2923a8132f47dc5e79beb719a5eadcaaa1bfcc93a0ba0

SHA512
84edd23d2518ba37f8ad45148129483f9fcb818257839bb7c6325a7782d8e63fded1b5c41f85e2955a8d542c16a834a50de6c0102bd4e68890b4053f79dcb5d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.28.1\typosquatting_list.pb

Filesize
628KB

MD5
bd5eeb9c4b00955e5a0f6a332d78cdef

SHA1
cf9e85ae41cf1ef2385a73ef36ebeb3c3378ea3a

SHA256
dbbea874b4b73aeb3ad17355c90f692767a947516481f158b7319f7c43f0e657

SHA512
2cfa521120dd1ab9c2cc90b74cd8d3f6f8991a086bd2dc1b9d225b08aeca8420f565e047f551ddf6d2149cfb02e4ce69b641e328a774dde7017ad374fd58eb96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Web Notifications Deny List\2.0.0.21\deny_etld1_domains.list

Filesize
6KB

MD5
93c7fc76f7223d043593c999de1c0bea

SHA1
dd7c906c629466fe53a29d3945e31801065b5b1a

SHA256
0db8861eb771d2662ecabd8c7125c5453d6f3d976c14401ecb252e1f85b018d6

SHA512
55c752b20ebf883adaf0bf696fbe7c3f94b06d5bff907b39e9f43358ee7a58336024145b77ba315393609853c54a701ec25592ffc32b9ed3e2ce4857a4186c8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Web Notifications Deny List\2.0.0.21\deny_full_domains.list

Filesize
9KB

MD5
a3b6c4249c181157cf292b749209fb49

SHA1
f3704c2d69b8f1c7738104f2d9fadf5ae644702b

SHA256
2edfd6823e18cb7a1e9e6abf571ef33c5be863cb5ea891ffa3df9a06fd0bfe98

SHA512
113df193b92ac3312b4e983434d0fb61fde5f3675ea00687ab6f9c53f17635bc5dba2970a5af6dc176618d962f982ab514b82d9ffbf894e315a31797887d35f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

Filesize
572KB

MD5
f5f5b37fd514776f455864502c852773

SHA1
8d5ed434173fd77feb33cb6cb0fad5e2388d97c6

SHA256
2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e

SHA512
b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
4559a31eb741ed20aad71be1ea5f7b29

SHA1
cecee60eeec83e61ba07c3ce6a69caaaa4ebeaf8

SHA256
bdefad63ecf26235c165256cc11160b8ab4524983a0b79e615de63f8cbf27d6b

SHA512
a7fc9c0952ffebe5278c9af479ca0f4c8fa9b95da0d6308ea8f4bf6c6cb4e9467818fb803c8bae8d311582cd7f42d01100175187bdc949f0ff67c52ea65523a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202503281435161\additional_file0.tmp

Filesize
2.4MB

MD5
def6e15d8b63743747e8bbcd18857ea5

SHA1
61991c54069f5a8c6c075ef6543ba2faabca8233

SHA256
84e13eccbeb2d7620c683dd5d76df9ccb3522f5babd833c6efc2291df5e02e87

SHA512
5f82ca7236c40726701b77e8275e4eff27d4f13964dc20c268fa84a7589c5109b6535a7735a0c547fa0aa8ad47c777dda5a6eb2d33782b28f0dfe59d408a265b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe

Filesize
5.6MB

MD5
08cb536a32f3871021bbe98b26e2f118

SHA1
f12ca4a7b85a9ffd6b321ac8090cc69b54a534cd

SHA256
7ce73faec3717348a02e9ec084815818d7fd6d18c56d05000f742d0f08eba4ff

SHA512
e049ce310ddb00093a3cbc172e7317f28a604934a2a5268c7db23bb86931b3a967c18f803bb8f983c78bf3bb0e78d97d2bab99ae0a443271b3040206b48b4077

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2503281435161204448.dll

Filesize
5.1MB

MD5
35b06de4e32f8e29bfe1a09aced9e977

SHA1
c8f08f241b93ce58ae61bd5760f7fd6be54eab84

SHA256
1b7c928c52a30da0fb5b070cdaa3f9e9e19ca4c4dd703b2212abe60e3f696177

SHA512
890776a54c6412489c5498c9c0176b8c75eca53840453ca08536f8433ca7b3087d2daf91773f3703554a85c45ab0aab44840bdfec19ae3ddf38c9dbb675d725d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
e4d8bd1af068d8d4049e941fcb162aae

SHA1
21022f08536eca9d6ebb1ff3ffc9bf47788197c7

SHA256
742ce280a680d0a65546f7d523f9b37efbd94168221868d1f17ea95ae72b625f

SHA512
5a8dbd379e7632d817e351a512ae0c1f38d9c3dbf0082d71dc687124138bc6d293dd23a4df72f0965dab334a8c8b470b947008530437593b6b2ccd267dbf15cc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
8KB

MD5
0cfee785899e1e93f6216653dfc00d57

SHA1
c0f1cd70bd8aa7297c9994c36dc3187e4e953871

SHA256
2adf03e18d705bbf522ae9b1aa43684d88a34e861edab051f2401284ef352a21

SHA512
6c4b8b6df8ee36ad85543703acac57df59326e737f345949b6073d7a11152039cac70a7ad1cb0eb5dc4c0d1d17b06ba0b6f52c5b9fbcba000f4ef6a07d67c3d4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
ff172833b710ac70c4d2712b786f77d2

SHA1
7140fba2b31f426dba90101b1294631cc0044b8c

SHA256
f20b2576a97d718765e316d8b00f9cf887f9ecd57eef31dfa943a1bf392c64b8

SHA512
81b5b761976ff2ef0a7c26c63aad48710882533683770bc3af1267501fe0f29aad0dd615f9c7a449b892e6920da44992c85acc0bb934c65bb52257193eea0226

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
417527a56189b095056d365890817286

SHA1
5f8beed31ac801e22ffcf800d2b44d7ae55a22fe

SHA256
8ae5aa953ca79915e6f1d41abf049411c83d6cbaa633bd688243059d9f951d59

SHA512
9479b40e0e33858dd5b1e2322340de9e775f1a666fa62c2cae4e0611e3a5bed838384a66ac6760db5b8330608e8cbde906fae6441150677a8c820510ee341440

Download Submit
C:\Users\Admin\Downloads\sims-4-updater-v1.4.2.zip.crdownload

Filesize
22.7MB

MD5
267ee260f9618d685cea6eff2ac9b70f

SHA1
f71461301e5e1a20a5405faa587cbd5fadbc12fd

SHA256
1fc62221a3b7d85e8c197691e0432a5dcb194874f80aa4d7aa66d193f7620ebf

SHA512
cbab36cb30461de3bf023f6068d00a480559107d5e56c64990fe307ab1da01a4fa4c0e96bbde0529aeb463eaf711136104ba39e6dcd0f07816e06ecda03be390

Download Submit
C:\Users\Admin\Downloads\sims-4-updater-v1.4.2\sims-4-updater-v1.4.2\updater_remote.cache

Filesize
5.6MB

MD5
269fe7cc2d59b6906697107128bd5892

SHA1
70965506bed8f2bc0881b9866371875f2a05fe5d

SHA256
0c7c22c16c201e257e151d8ebd06dbcc1234aafd9b3b8192ee6780f24cf337b2

SHA512
bd59ff0b86adb25239d88317d6f80f964a21a8457953f097c403815cb81a4360bf304d26768fdb1617d36c035b5e3394a0c5d2e366577e5480e0805bf23ac504

Download Submit
C:\Users\Admin\Downloads\sims-4-updater-v1.4.2\sims-4-updater-v1.4.2\updater_tmp\downloading\Base Game 2.zip.002.aria2

Filesize
518B

MD5
562ff0985ae80b099a9feb0e9f6e70d9

SHA1
95c9f35ec0cea267d028dfe0b97cf397fa0194db

SHA256
4eeb22d0ce203b2c6b7cac60ce3ebb7a57b0f5fc401e14541128f9f9f336d74a

SHA512
05681a33a28bfc2b0b1fc2737209add4a5251bf0400f26584e5e30b2a49803f8a6a4cf42b55e274d24b26e4454c0ea248442d2d348720b11b3d6345bad3203f2

Download Submit
C:\Users\Admin\Downloads\sims-4-updater-v1.4.2\sims-4-updater-v1.4.2\updater_tmp\downloading\Full Patch 56.zip.001.aria2_TMP

Filesize
550B

MD5
324fcd2f8845543058aa2abbab212f67

SHA1
2e41190f8a30a4e61bc8e1dd0ef89fb83dd21843

SHA256
fd9352a7902c0244774f3f6620fb3a1c24cd053d038f849178b70595949e929c

SHA512
d349ce387439dbef20076755c335abf9937c246717cfb0c41c2ca8d5b92f09477cb98e9841d503916dbc43ef9bbc362438676011e5f94bcebe1a1f0507f82a18

Download Submit