hxxps://scrap-mechanic[.]softonic[.]com

Analysis

max time kernel
63s
max time network
64s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 17:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://scrap-mechanic.softonic.com

Score

6^/10

steam discovery motw phishing

Malware Config

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc	pid	Process
473	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html	388	msedge.exe

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
685	388	msedge.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6128_2100508802\manifest.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876553995425778"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-814918696-1585701690-3140955116-1000\{74C13F8B-1D85-4708-AC00-C012C1C77613}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-814918696-1585701690-3140955116-1000\{ECF7AF35-DCC3-4FD5-B1BF-FEBAE9D7DE1B}	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 6128 wrote to memory of 2736	6128	msedge.exe	86
PID 6128 wrote to memory of 2736	6128	msedge.exe	86
PID 6128 wrote to memory of 388	6128	msedge.exe	88
PID 6128 wrote to memory of 388	6128	msedge.exe	88
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 432	6128	msedge.exe	91
PID 6128 wrote to memory of 872	6128	msedge.exe	89
PID 6128 wrote to memory of 872	6128	msedge.exe	89
PID 6128 wrote to memory of 872	6128	msedge.exe	89
PID 6128 wrote to memory of 872	6128	msedge.exe	89
PID 6128 wrote to memory of 872	6128	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://scrap-mechanic.softonic.com
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x25c,0x7ff80764f208,0x7ff80764f214,0x7ff80764f220
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1812,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Mark of the Web detected: This indicates that the page was originally saved or cloned.
  - Detected potential entity reuse from brand STEAM.
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2184,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2552,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3440,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3448,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5000,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5188,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4800,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5348,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5964,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6328,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=6308 /prefetch:8
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6328,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=6308 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6180,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=6448 /prefetch:8
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6080,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6724,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=5972,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6772,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=6928,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=7112,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=7128 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=7900,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=7856 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=7880,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=7848 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=7864,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=7600 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=7916,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=7844 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=7932,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=7544 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=8220,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=8236 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=8284,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=8312 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=8564,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=8536 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=8600,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=8036 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=8824,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=8212 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=8972,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=8292 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=8856,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=8984 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=6788,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:6472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=6880,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=9300 /prefetch:1
  2⤵
  PID:6480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=6912,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=9440 /prefetch:1
  2⤵
  PID:6492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=6320,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=8200 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=6812,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:6468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=6632,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=8252 /prefetch:1
  2⤵
  PID:6376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=9280,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=8172 /prefetch:1
  2⤵
  PID:6420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=8160,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=7684 /prefetch:1
  2⤵
  PID:6432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=7400,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=8132 /prefetch:1
  2⤵
  PID:6428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --always-read-main-dll --field-trial-handle=7568,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=9032 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=9096,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=8116 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --always-read-main-dll --field-trial-handle=8104,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=7260 /prefetch:1
  2⤵
  PID:6776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --always-read-main-dll --field-trial-handle=8300,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --always-read-main-dll --field-trial-handle=7780,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=9128 /prefetch:1
  2⤵
  PID:6892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --always-read-main-dll --field-trial-handle=7120,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=9744 /prefetch:1
  2⤵
  PID:6908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=9840,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=9864 /prefetch:1
  2⤵
  PID:6984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --always-read-main-dll --field-trial-handle=9092,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=9048 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --always-read-main-dll --field-trial-handle=9496,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=9528 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8120,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=9080 /prefetch:8
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --always-read-main-dll --field-trial-handle=9568,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=9004 /prefetch:1
  2⤵
  PID:6648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --always-read-main-dll --field-trial-handle=6164,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=9128 /prefetch:1
  2⤵
  PID:6176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --always-read-main-dll --field-trial-handle=7728,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=8252 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8560,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=7216 /prefetch:8
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7160,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=7132 /prefetch:8
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7248,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=9824 /prefetch:8
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --always-read-main-dll --field-trial-handle=9776,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=7216 /prefetch:1
  2⤵
  PID:6772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --always-read-main-dll --field-trial-handle=6044,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=7696 /prefetch:1
  2⤵
  PID:6428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --always-read-main-dll --field-trial-handle=7184,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=7464 /prefetch:1
  2⤵
  PID:6876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --always-read-main-dll --field-trial-handle=7052,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=7416 /prefetch:1
  2⤵
  PID:6940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --always-read-main-dll --field-trial-handle=8128,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:6944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --always-read-main-dll --field-trial-handle=6168,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=8692 /prefetch:1
  2⤵
  PID:6828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --always-read-main-dll --field-trial-handle=9632,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:6932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --always-read-main-dll --field-trial-handle=5288,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:7000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --always-read-main-dll --field-trial-handle=7264,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:6720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --always-read-main-dll --field-trial-handle=9604,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=8988 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --always-read-main-dll --field-trial-handle=9976,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=9152 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --always-read-main-dll --field-trial-handle=9204,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=10104 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --always-read-main-dll --field-trial-handle=8920,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=9816 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --always-read-main-dll --field-trial-handle=8280,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=10132 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --always-read-main-dll --field-trial-handle=7964,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=9132 /prefetch:1
  2⤵
  PID:6408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --always-read-main-dll --field-trial-handle=6728,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:6776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --always-read-main-dll --field-trial-handle=9592,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --always-read-main-dll --field-trial-handle=7940,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=7720 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=8424,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=2416 /prefetch:1
  2⤵
  PID:6892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --always-read-main-dll --field-trial-handle=5132,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:6712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --always-read-main-dll --field-trial-handle=7744,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=10232 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --always-read-main-dll --field-trial-handle=10172,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=8888 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --always-read-main-dll --field-trial-handle=7984,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=7716 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --always-read-main-dll --field-trial-handle=6644,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=8996 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --always-read-main-dll --field-trial-handle=10192,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --always-read-main-dll --field-trial-handle=8476,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=7596 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --always-read-main-dll --field-trial-handle=7544,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=9244 /prefetch:1
  2⤵
  PID:7032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --always-read-main-dll --field-trial-handle=7048,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=7656 /prefetch:1
  2⤵
  PID:7024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --always-read-main-dll --field-trial-handle=6172,i,8449134640029673352,8048260588461923322,262144 --variations-seed-version --mojo-platform-channel-handle=9128 /prefetch:1
  2⤵
  PID:6588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  PID:2264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ff80764f208,0x7ff80764f214,0x7ff80764f220
    3⤵
    PID:5188
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1876,i,5321808146577642263,2192015567547860481,262144 --variations-seed-version --mojo-platform-channel-handle=2320 /prefetch:3
    3⤵
    PID:6392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2284,i,5321808146577642263,2192015567547860481,262144 --variations-seed-version --mojo-platform-channel-handle=2280 /prefetch:2
    3⤵
    PID:1548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2560,i,5321808146577642263,2192015567547860481,262144 --variations-seed-version --mojo-platform-channel-handle=2572 /prefetch:8
    3⤵
    PID:2900
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4400,i,5321808146577642263,2192015567547860481,262144 --variations-seed-version --mojo-platform-channel-handle=4420 /prefetch:8
    3⤵
    PID:6180
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4400,i,5321808146577642263,2192015567547860481,262144 --variations-seed-version --mojo-platform-channel-handle=4420 /prefetch:8
    3⤵
    PID:4480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4460,i,5321808146577642263,2192015567547860481,262144 --variations-seed-version --mojo-platform-channel-handle=4524 /prefetch:8
    3⤵
    PID:3760

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2156

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:3088

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e4 0x4f4
1⤵
PID:2412

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:7072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
bcb2b5ac8f087061630d0e974fa5b184

SHA1
d93324cb5173471544374d626452b427fa04c212

SHA256
dff5f4f28e13df2babe3bf77f97c6459fb491a4b4cd7699e5637e651eec0297b

SHA512
60eb0fbab81457a187ab54d4bad686a7efaf5cfd71bd15f87602771545412153d38337e911122598e36a6c4f7e62b68329e95279ed25106836e206319e7f1043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
1da9285fddb5b6ed0e4327e972a0a74a

SHA1
16d9fdf9be7a611e07821b0112cecb90210191f4

SHA256
7fa5271d4697338c36ec05799be4838de8a5c07645245432daaac745cd7062de

SHA512
494c8df865ee5676a392e9211b9b78818200630d33f9e21d694281fdccc10a784885f859440889711538e841c3a9b2655715b3fb16197b6aa64c3414d175e9e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
60d40d2b37759323c10800b75df359b8

SHA1
f5890e7d8fc1976fe036fea293832d2e9968c05c

SHA256
c3a2f26d5aef8b5ed1d23b59ed6fce952b48194bed69e108a48f78aec72126e0

SHA512
0c339563594cc9f930a64903281589886308d4412ee267e976520a58d86b2c339d7b2320e1b3fd6fbf81f092ff1735f0710c669af2986ea5b63d2c1e0a6df902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000073

Filesize
17KB

MD5
29b8ae1d50ef8543dcebf4e9f53089ef

SHA1
90297279de99683b3903534459bc9962924d79fa

SHA256
2dcbd24e8f78b008251a1a0499c981a79be59fdf154ff9938a28ecb7e64cf12d

SHA512
6de295089b62bd50ff955c2e381be6bb0e59b1f0776946c5d3b5109fffb84ee2a673f49d2d5a56e5600d3b09fd8e9cecbcd0e677234a6f96c1194dd1e1c27c94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000074

Filesize
20KB

MD5
b30f82421cb38e73c0311b00edde7793

SHA1
706b493febe99d9572401dbb11d7475eedd007e1

SHA256
e3ee5ed4f65a7ce1faafe6632786ce889f52dd28d5ec52eae58983edcae3f5c8

SHA512
6112857a055a0223aa40891d440e84945296ca60469a57c9498b02baad2b1aac1cf1fe03ecf4f371c7b98729f959f4e561a68f5118a89174ba3d52d0a91e2481

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000075

Filesize
16KB

MD5
bd17d16b6e95e4eb8911300c70d546f7

SHA1
847036a00e4e390b67f5c22bf7b531179be344d7

SHA256
9f9613a0569536593e3e2f944d220ce9c0f3b5cab393b2785a12d2354227c352

SHA512
f9647d2d7452ce30cf100aeb753e32203a18a1aaef7b45a4bc558397b2a38f63bfcfe174e26300317b7df176155ae4ebaee6bdf0d4289061860eff68236fe1bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000076

Filesize
20KB

MD5
5ea70ceec4d5d2ad3c54154486787cfb

SHA1
49493b9e952fffe961fb24eeb86c32a326b41f45

SHA256
5dfdf6803a3730aa2b23de58e286aebe03e542b5ed1d116e5c79fb274496961a

SHA512
b6389108124739c59dba54db6c35ef85a7593a2650620082fab3e48eeeb0df8f0de2865ac259d3f55cbda6a82525022db0080ca3df3829445db28ab25e769098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

Filesize
102KB

MD5
9a6fcd6b92005e1e3eb00177ed2cef5a

SHA1
71a18a9849bf8f959e59a974a9ba4a8d07bf2937

SHA256
aaa8df56b4a2c6e65971dddfb5c643b7ab158b037b82b637a05ae744556ee8a1

SHA512
005a5dfd33b5e28b1459f822d61025087fa6a1a8ae7868e64e9fc2f8b67f596d16f427b21953288486b1ecc2df06c8830c76a28fda78c633d462e31726160cea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078

Filesize
103KB

MD5
5b3628224127c88c84a28f6482d5c4c4

SHA1
0a8a2ac08e43ad5dc7832093f88ec0e2f1048e9f

SHA256
0af91e44d8b4a1e8380f0634edceef078f56990fa62e5538e315638208ccf526

SHA512
83b2dea7204f79f9eb11f6f24b187e559a39c5956a02e8a5b361820ee52ed4bc3c0c51e787ab40b28d4fd2743fca7b899225397a38ed900753e4df82c8e91639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000079

Filesize
16KB

MD5
11825cf6da869d7589201092299231bf

SHA1
b650151674a230700dc66352a0f002ad5db6d195

SHA256
2f315c341e2ff775fceede3d1b5dc2f8124a866a382a2c30b760ac6c2abe7bdd

SHA512
e5902c14769efb05fa457dcaf62d4b0d126cf3b71aa9be596e3609e1b63f83d6bc2ab3d1aed9a077a6fbec3e7f6a633b3d0b1a8b77d7d0161af60ed7d260a6b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
32KB

MD5
2c7cbedecef7a0f4bc5efabc0314a165

SHA1
7bdb2c270e7c8eac58ab336e7834609c95446d6f

SHA256
4571ef66f7aaf2abfb23798a37b845ceb75f7b60657596e36c5b398e1642af2c

SHA512
90b55960f4e13a071924e60ef7f525fc3ba47d02b9a1243bb129626716b1b595e94db00ab8b05795e6bba53f298973452aa2daa4d6661d348d41bbcda65e8c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007b

Filesize
145KB

MD5
83ea4a1287eecd0a7e6802f2e78c1312

SHA1
cae7e14ac31329651805eee87d3234cf516fb3d7

SHA256
ac16bbd6ddfd90c46026d64f173949fb717015fce234411bb8f41f05307b81e4

SHA512
66746d73b7c9726ed7cb69d87f9bcb4a54ab90c1a924a04fc7c819f9f613a1a47ada089703affbcfc64da80c4d5f3d775f3167971e77af710c40b2098d43dd3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007c

Filesize
42KB

MD5
23d5f558755a9d58eef69b2bfc9a5d99

SHA1
fa43092cb330dff8dc6c572cb8703b92286219f6

SHA256
6e5bec69b1c6424972a7f5481ac57049811f0f196535b707613126c11292c5cf

SHA512
9c56c94d059a27dab9f69c9dfd718382a8eb192b8c0ce91cd6db6ec0769b8756acf9c0956a35561474b87d6278b13fbe88a6e4df6260c278b1ae06e9be55dd6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007d

Filesize
73KB

MD5
c9503a8859a0defa39c6c0bd0acd6687

SHA1
ee4d9bd4d3d00d065622bb15f62c1928c39d57d6

SHA256
9615bc2b063044e8a05996815548a27963b1ddc0c836d784e4c60e48876b8a98

SHA512
16384fa5ab2f95f60a1125e4451c4281d86b6b90f442d7cb6b8a833f798a61f105cd8c6b07d3a541e40f65ad5074358d50b46680ffd5e2343582127f464f774b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007f

Filesize
22KB

MD5
280d0dffcf08dedc8ce52f25270bf1e8

SHA1
e9566fd9372120a6fb9760a131f8919934954f35

SHA256
ed51e026d37d510820ca0b811d1f774fa8eb13ce09775c5a891853ca072fb58f

SHA512
1dd8a347348a3d211bd8f03c30d7dfcf160d62ade9c354dd9649ef4591c874bd466d864ac0aad454a0b0e01f1149c1c5a95aa365affbd7d81f79558c7ddc39b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000080

Filesize
165KB

MD5
6e8e546d2a06409200ea3e7fafd5a676

SHA1
d4d2f599ae5a1bf265ce0725aef1a8d94ce961ea

SHA256
eb0a6994f4f7682f908331592bdfc8f760f47210ee8a0a56a64c71546aa6456f

SHA512
b23cb4958ae5bdf0c5916a372e7e60dd3b2a4bc5564ba7543b34b10a8598fb771d0f4310638f5035afc66b664f66d1982b905cb2aef86f29723d34f9fc995aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000081

Filesize
96KB

MD5
1fccb9ea76421ef17dadd504541baa2a

SHA1
837a7e1deea231e4302093aee156b921d7055dd9

SHA256
04489f1dc171bffaedc24175a3987f0114752f457fd4631d0c5f8e045eb27d58

SHA512
9a14f3f0e810cb36e37b4a5ea1e2c65e2230ee32d682dd5c964c9e976f289525fd0a7c2f77f7b07a7fccb1a5a8f79d01870c10c42cdeb877da237bf9b2391166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000082

Filesize
21KB

MD5
fdaac7c912846eb60cb84e62ed7b1845

SHA1
f22ea5775fd962644599362c911595b044080ecb

SHA256
50c7edc392384ad3b580d27304c969eb02375fbe40ca853b696a20abe5b0bc70

SHA512
31e62ee9ec1ecde3b70471c01e29e541a9778bbbccd1376ef9792ad9f5a022a74ef97b2eddcb0bee51f224f71f9c1efe00c89a2ec2a1bc88f45a699efa91d870

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000083

Filesize
92KB

MD5
1307c67e644af41fc3d2f9af77297469

SHA1
8c2d918ab97e5620f64427aa3e5d8077a09d767d

SHA256
4c74c84a085911d8f34cd51a5f5dc03bd742eef64a6c1e414c4e2ad374d351ef

SHA512
094dc6eecc6497b21178b477fcfc65bdd59cabe008e6f21452b8bf0d356735d7d9604d74e9451a7cd215f9fb29a88e47e3e0d1c0727e36c40cf9d2ad76faba43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000084

Filesize
29KB

MD5
4f67bddea4a4b56fa44f7cfe3d8e17f6

SHA1
438d0068eea5ebebe51681e9a99f4ea32cfe15e3

SHA256
b12c446b6906a8955e13fba049813b7367342208f2f605e636bae8cbb7c2a847

SHA512
341ad30b36804ec19a0299e99e95ca576474ea85eb853f986f0e8199481e5e5f6826d71ed660f408b0dd7bce3e2d28e873e64799a24c5803247b7ab356a276be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000085

Filesize
97KB

MD5
066e4698bc2b70ef1f3a5ea4e8bff64f

SHA1
2697497e84c67c8ba8132edbb2b3dcc4a8a33da6

SHA256
d25472cccfcdccaea97d978ede13d15bb0ea0eb68b9f0e356b55ff48b8467044

SHA512
acf17385701877e73ffa53ab3a89f8cf53150adaa342fe5597441707dd3c1d11b2203de7e213b7af6df03c9cbb34bcdc1383b24c9776207baaefd2f2b395d83a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000087

Filesize
97KB

MD5
d36d219c4b8c4f1774a7d903ce639e69

SHA1
0e774957f5e3837145032c6816236a1b3db2f0ae

SHA256
c98682e820b1b83dde826852cf29946fd7e8e5b2f5979c36b7f454c35bd52b96

SHA512
3c832667c4129a4770cdc1db3e0f5c12156f0bf29d31c31be2f14b51a19641c2963c86c80b72d56d2ec780165ba15d21b0640e85d75fcf0eaff1a402bffb642f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000088

Filesize
29KB

MD5
e6ec1df39aa8d07cf330a72f47196abf

SHA1
801af4548a1108d80264f289a2c4198cb273c2c6

SHA256
18117406ad59b6a0d16b1fa1ddeb2d53210aa3fde7a2d3ea00704d3187257ca2

SHA512
ec806a7550dd0f9f6b0e8a14d9f00277690b771230829ba07f29807412a04b337ed893caed31363ead5cbb2e933cc2561643e1568c22094fd216d4d950bd12e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000089

Filesize
59KB

MD5
876842ca6a563581d88b0613f24cd11a

SHA1
66f1e7120c86e5ad237010f60f51754dde177947

SHA256
beb5d66d8f007b065d48d07b282d45d8f31e7a5f8368a07413b33c6a52d14b09

SHA512
e8f1ffcc9f8966ec89e966eb6dff92b486b723d7c29ccd6d765424e0486b5c83ad580b04d1325c7b83eb0916e34c54247bf8acebb9cd6b14101f9b61a39bfb0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008b

Filesize
16KB

MD5
9dfb3a988966d2a262c122ec4c9a6e25

SHA1
5f946f0d64337b00e49b27fbc8ba21d091648a00

SHA256
c4ec41c3b1a8d290592bbca2c550a492e623d478e522259134a1fc17d50e5fb9

SHA512
cc4f6eb477c742fb948466e87f491dae8fd33b110c80598853995b151048db00455d0e71370c7c5cd3cee27228a3e7c17d0ae50006462cba42f6dba4577af817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008c

Filesize
28KB

MD5
564a80f06c5058cd19537375a47d2da5

SHA1
db5220e6e520a2011362bfe82a1be6fdb413cb48

SHA256
230a4ea452bc7ba039775d964e2de8a643a9fce5d9f74c25649a55031151d8ca

SHA512
fd617efe1dd3b9425648ea8ca5c7769c8e81e3f78caee6805b0671ed7681824dd135e90191a1195d5ccb8610b9056a07018483098ba473a507ecd100739d1c32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008d

Filesize
135KB

MD5
3fc05c3e093d189d2351e40898f2b47c

SHA1
b851d80bd97e24ef105909f81c3ec8ae27099dba

SHA256
68a0b88f9166199ed78eeda92d4177d6c860a83b4aca5cd966be3af6af24e6b3

SHA512
9231824354571a8fad4187c4ab0fbb10f9a34bd8fcc464662558e895e23625f4ed5cc55163ce22ed5145186ffab7503d95d7d7d399c69f46081ecb22c30f3213

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008f

Filesize
20KB

MD5
4b24739c5ce349f1148058c3fddc0237

SHA1
2adabee4da418cfe0263b2f6177eae8377f353d5

SHA256
1690d4123a016bde38123230c6dea716d9f6f8d9bd6d78d4bc02204a5765f4f2

SHA512
4fdabe9a33d0b1f2a1d1cdea42ddca9198158b7f2c2b333908ee30e2787ffcde58fee5bdea456702e3fb5209daf3e19028a14c6eadb0ca94668a7ed1e866d255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000092

Filesize
62KB

MD5
022b25708e11ee781f8ba58697c9a134

SHA1
8ce2e1690491fbd3a07696fd55666c2ad6300322

SHA256
fcf8adcd7503ab0bbc1efb75432802c3a1854e67ad20bd83b9c4dac5934050b8

SHA512
651776c099c37ca0d1e7468fb8f25da631fb87a9ebea29d8a53279b984140a1977d54b9c282dc026d09775cf30879761af83cb94484b58d069edb9cbe085961b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000093

Filesize
67KB

MD5
60a30ef624fad5be472ee5d1acd1b2ab

SHA1
5dbb87bbc2e8a6143308e7928536ae778610794a

SHA256
d0ec8a13c2eb6a38d628cd7adaed308116164ceee003f816889b4db1735bfccf

SHA512
315e3ea4d4c6ccf6c14fc509933b01cb77c964b608cb95ce2ee8c331011adaf618e41cf4b8c499c4f6c9e137b88a34caaa7aaa44a69fdabed84df550e178d60a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000094

Filesize
31KB

MD5
e997979733c0c7fafe4251d7679ed8a2

SHA1
72694fbcf563352d1eb7ecd0cbf529b61da9b547

SHA256
765302a9be1402d967aa723eb5c1af44c5d9bb13859ce4ee9192899d7b70a607

SHA512
e9d6007d780d5565407a48028e29ca5b1a814bdb329303f0cf17a386aeb42a89d00fdf0c502cd06122cd7ac9d16e54d967a4dd0c6020b44258c99d2eeb2f83b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000097

Filesize
19KB

MD5
f38c8b606cb650373b1c566449a7e659

SHA1
2c8ba870c882aabb5da60d168192eecb56b1785e

SHA256
9b6222ff794fd12f3b7b26354f77669bfd5c9481e91f044ca43a7ad0055ad699

SHA512
e5ca5c9e341c2eafa8f0fdbb57a0c0b78778173eb4e5582d8fa1916ed1c7bd2e7fdea536600c4a1cf0c1d998773d2903cd934c722ab9d7ca0df3170650012ef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009a

Filesize
21KB

MD5
779ea2ea11c1cc3fb2ef48954c3ecee0

SHA1
f1db8393735b7e7d641c746b303b6596cdae701d

SHA256
7b108ec13d6202ca0951d2118ef833e5c6f2d5c1343607e1c310a8cf9fc58324

SHA512
60114c26365f43bb609f25563b47ec676d93fd2b6b42c01a30e8ebcf1af318b2a4347ee6337443029c73aea3b2db7a9d247126c65376d7fec98bfcad3fc4677d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009d

Filesize
20KB

MD5
e11c810c086df83c0876dd59ed32ebcb

SHA1
b89fe2ed6d016f81af13b35797ad2b0e2e5c6822

SHA256
acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b

SHA512
db93e7e4818b40c7b16c241441a5bbfcd335121a89a737611aca4e5bd1f22a7d8fd9a1e79e0d0a7701a497cf6bbc238a7417d5dac3480d20d4742b9b9717a15c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
bc02944d3c1337ef0eb3306a856bc53e

SHA1
fd9cf598f0f6dc5286dc6fd66d0513672b6808f7

SHA256
c0ff40a4c0eec080bd6e6d8535a410f94a282d0e7b5b782bf432e057c00150be

SHA512
9684043ac64788aa4582fb2827c40bb623b80719168d9599aef57d6518b44d15732ebb35a8b1cbc690bf5d50536fa456554acf39fd309fa0fc1a3bdda2d27389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe582ac4.TMP

Filesize
3KB

MD5
6ba866798339732a59fd77afda598ef6

SHA1
46cac8d36c3ed9f3118a8bc479707b0c2db47d4f

SHA256
fe7e5bc33ea7127385f1fcd935ddc1dd2d23b3f24f1bc7c84f3e80174e92cde0

SHA512
14a78070847191f598a478f420b9d8cc478c568708e18b2aaa3ea5249f5753a70bfaa5518c822c861ee7d24e9f0ac3283e6f8e4abd0fa2463f9a80296d60cdd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
dbd2bf257f6a392d041021707d5ef2bf

SHA1
f4b6f1f09c28aca0195f81bc3aa46c16c64f594f

SHA256
d828c37412175993c514dcf487283ad5a22b1788bc65c2373c391988a3875067

SHA512
8dfaaf0aeaf58af7cc460a42af9bf56ea71fbcc2e635202e57597e737c0bf75b6963041a2491646d3a094bf09adbe808476cf09fd3d5b3b23699bcd6a8c26595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.softonic.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
28KB

MD5
7888dd399691a93f95aaf579c839538e

SHA1
20258eff1270b9cc759c290df508d010b82951f6

SHA256
fdd61823ac7edde084eea58944d0925df4d10a6b0d1547cb2711b34e1df0b965

SHA512
c484cd52e555e5e58d42da5b18525a313e7f581fb82b9d87a315ff3ce45f99b2162c064b9d7146ee671aba63febb96c68d4eb04f74fbd7b44d14f2abdb29d5e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
28KB

MD5
2fa0cfff638f15a0ed50e4c6de45d832

SHA1
0a237eb90ada8fa32108ce426d65acffe9a302a6

SHA256
668a40ded2a3ae7cc909c2363b9426c397d470f702eae202d775319fc4854991

SHA512
92a144f9f2416fc19b5e55aca23ec2c4d79b7accb5c0f90c4ef0a08d9b7cb9894fa5fe5ec21bc118677dca0e54d2539e4d958a91aba76b4ae13085eedacdd23f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
a787ac375c479840a5bb11daf4c6768b

SHA1
22b51ea8215025fceeea0c56f77fc42b426dbbc6

SHA256
b7e97efc6ff9ae11655ddc1f046590c6f7faaeb4144743d399a1fa9d541ed281

SHA512
b881a15a1a0f14a829af36649d7a6e56a2130d5e2bc733eba499f9f1813f4c78fba4fd3d94cfe2bc63748340a7f7e8c9c78f6d958f8d73289a381ac5f081af13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
0d1b5e7129ceb46bbb7869136c0b2c39

SHA1
760781c4866a6a4cf4dd293884dff0cb49a0fc70

SHA256
a36274517105c1a0579f6c4c5a626a0db0346b003e19728988d20a6cfe007db2

SHA512
231914a547ca59628becaeb643c323e1c4a05d011e2eef544bb5da46a5c79788db41a0b66ff4252108c97380963016125ff5ff46b8991a62af7925f3cd40602e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
c2825e6fb58c5979ae751b049ebda7a5

SHA1
d5a358279615b29ba241463216a343541b07fc29

SHA256
0954babbcddbb8e1236b739a22e43ea3037334b98b1b6c3ac948e573f2821204

SHA512
15df90353ef26d29e8296776a6e416e25994318d6aa5d948e90be73180676d564a0fd3ef24c16be3de2ecbbf06df21ae5989f86b2bffdef06f9b25ef40bda2b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
57edc3180abac55366b27a35b05daf05

SHA1
a76875f76690447fcf47a9b08caea4a3b313f1dd

SHA256
f5fb241f00ec6a5a8a2cb93c50f368340d30d268fb1374df3007762867a63559

SHA512
9052c1de840dab998a8a14a5710de5ed1adcf0ef00b4d799f9ff2cc38362f12d3d6d0ad99de480243251ba1d3fc998eaea748e7ce8d2ddbc05b36b5d3b78ca6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a8a4.TMP

Filesize
48B

MD5
69a7034da2b8728060d66360e0e3ed4d

SHA1
92467d7f533f37ef530c92020a3824e281340cc4

SHA256
4cd3eb121d25bcd7ec16615d8b975bbce9a7f8a0b9e9fba1e6cdf3333db2a0f9

SHA512
64608e1f68a0e192104f1312f3b21b332444fa690789ea9c5baa317db0752e3afe44743164a8d8ea0d7d0387b6b4a0f3bbc9873e058688ab9dffa23fdf8c7f62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
94f829c99bd2db1bad5977bfc4faedf4

SHA1
92d068a4739d1b6ee611d764a44e549a8517c31e

SHA256
22a105f00471b4ef6b5fa691031dd64af0a249e8bd2555512ffa25ff84e70640

SHA512
4bd59bb40242a317b53a674211d693086093549b55c7dffa4a6237e2bd8f275942a614dcdcacff1dbc7f8b3737b694a6047e6637ce6b48a5555fa15d4ca81804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e83b5189-e6e9-475c-aa39-2c3958390276.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
81cd408a734d30153d80d66ac1ff3551

SHA1
7555261e698b6c842370f55f1f6ac54f514b6793

SHA256
a3ff225964c45d1d46117bbe50e34dd7eb4827f3398ae66eabf0eb8bcc8c96ee

SHA512
bf78195ecc57b56d11cf590a00c2e6eb0d546fac67a6208204f96e0628177d444f0b07684f1240a64f1e843ba88fcd903b4ba480bf1745ef7c25d45ba0b18a01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
8d3c5af6013df7c7bdad7efa7455bcb9

SHA1
6d1e5ff9904e8f13d9f453fe42711b91c2181728

SHA256
9932813105c9081c2d9481a8280c82cc96dac9485e8151e2909c52cd6f0d4ffc

SHA512
34d05b5d6cee2a3d0e22e75bcb3c9e41d773fbd81c885dcc1301c459145e14be28a6017f4856cbcfe324e76176d9cc3d670c9b628898224d827087283302fb81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
843f64c71cfd437509bedd915107e23d

SHA1
2aac9947761fe0fd0d2e578cdb8dd866375910cc

SHA256
975c0a9af281459a5c3f2ff8ca9cbe58706aca50e6b5d30a3abfdf9b4ffb5059

SHA512
5e537e40dbe16f763d2592dda06b6bf330c0f50d6b154838332a063d2fa98c9dfda1a6225c2b125822761a112a07d28a96a9ed92cc1bd743e9269fb52cbc3cda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
2c5d5296fe2d16bdbf2cca9eade7e75b

SHA1
8606cd84529db6df8aa741ad80233ed3a4b12dfd

SHA256
48851dde0c594ea671db504e96805c9192cc862d9449b9a258c620739d413917

SHA512
e63cbf9529f8e20f3176210586b966cc1bd7281a2dcf3843672620d0325993dc3caf2a75fa96b5a08242e5e61fd0a99f6c1f8b134b5a4a4e03e6aa756eaa1b6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
cab41a34b00c40b16c56be3b6ca97960

SHA1
7e0f92ac7d2960dd890db6121ddc0a65b872963e

SHA256
f0c72b1b1c857d242bf8fb85f0333ac8104c525e0e30080a6b331396de263904

SHA512
5c04f787891f0b114ad474333f3a55b8f6eec31c8fe274ae7a2ed00dc1c2c6338f835f8ca494d660fd2171e944ba889a3ac09e63c400f95c015f2ed0caa52960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
c0e27f8c73341b2976fe21cd5ee39917

SHA1
85e376a001e83f284aaf1a59f50da77980991abe

SHA256
1f18a75af99d16822b91d8d5f7bcf77b4781998a8a6dd44cc1f4ae9daf961207

SHA512
2ce0af1bb6569ff84dc5bfccf10420ad250fa2da1c46c727d3c02a6dd9e9049fa2ccd684c52f1c2de408ad29a171796cfc6902e3611eb064841a424553f6f87e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
0dcab89891b009246b1244ad15faf49a

SHA1
93ba96bdba558c036d11aeb398490f2b71ac52e5

SHA256
b2d828550d428864d70c0343b9470d1e5994c80122130e89a078b132a090ec7f

SHA512
4f89742a54f26f4c75040a35804eb44e501489ef3f061221614bb95f61dc5b0965b87fff003a6b77fe67b7af920f6614eee4c955d2bac5d9c919e0af743adeeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe57c534.TMP

Filesize
392B

MD5
4d3a70f680f4a6ae767132c0bfd25ff2

SHA1
65962095a1b290b6e13d7d11dfb12b98a7b432fc

SHA256
aab372da75fb00c36db6e76a965801283ac4d45b6424b476f59657ef967f9ed6

SHA512
bf70f9f624ed69f3ef69cb58e7b495b7dda339cf760425bff4c4b29a37818ddc942e7be865c33ffce98506131dd605dbe2ba3d10b16615019abe8d718a84226e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
ed42da2d7e2340d6393a00f5b7633553

SHA1
b90434cd9e9e365b6241df6518b7247e6507cd95

SHA256
0a4e5bff7517a4ad009433b965a5dd2d5847b2d717e4c46b41cc71a701f97da7

SHA512
cb0d33ed7927d5715c0feee1e2abe0345c35c5dc4800f192c16a761612d4713e2abbdb4095d6a49b83873bbc9a92185b59ee19dc80449fd212794d383a29485e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads