hxxps://www[.]home-assistant[.]io/installation/windows

Resubmissions

28/03/2025, 19:02

250328-xpws6a1rw5 8

Analysis

max time kernel
1799s
max time network
1800s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.home-assistant.io/installation/windows

Score

8^/10

discovery motw persistence phishing privilege_escalation

Malware Config

Signatures

Contacts a large (521) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Drops file in Drivers directory 18 IoCs

description	ioc	Process
File created	C:\Windows\System32\drivers\SET60B4.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\DRIVERS\SET4CFD.tmp	MsiExec.exe
File created	C:\Windows\system32\DRIVERS\SET4CFD.tmp	MsiExec.exe
File created	C:\Windows\System32\drivers\SET5700.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\DRIVERS\SET5D59.tmp	MsiExec.exe
File opened for modification	C:\Windows\System32\drivers\SET60B4.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\drivers\VBoxUSBMon.sys	DrvInst.exe
File opened for modification	C:\Windows\system32\DRIVERS\SET6374.tmp	MsiExec.exe
File opened for modification	C:\Windows\system32\DRIVERS\VBoxUSBMon.sys	MsiExec.exe
File opened for modification	C:\Windows\system32\DRIVERS\VBoxNetLwf.sys	MsiExec.exe
File opened for modification	C:\Windows\system32\DRIVERS\SET4E46.tmp	MsiExec.exe
File opened for modification	C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys	MsiExec.exe
File opened for modification	C:\Windows\System32\drivers\VBoxSup.sys	DrvInst.exe
File created	C:\Windows\system32\DRIVERS\SET6374.tmp	MsiExec.exe
File created	C:\Windows\system32\DRIVERS\SET4E46.tmp	MsiExec.exe
File created	C:\Windows\system32\DRIVERS\SET5D59.tmp	MsiExec.exe
File opened for modification	C:\Windows\System32\drivers\SET5700.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\DRIVERS\VBoxSup.sys	MsiExec.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 8 IoCs

pid	Process
1836	VirtualBox-7.1.6-167084-Win.exe
1056	VirtualBox.exe
2364	VBoxSVC.exe
4000	VBoxSDS.exe
1076	VirtualBoxVM.exe
5848	VirtualBoxVM.exe
3084	VirtualBoxVM.exe
5916	VirtualBoxVM.exe

Loads dropped DLL 62 IoCs

pid	Process
4108	MsiExec.exe
4108	MsiExec.exe
4108	MsiExec.exe
4108	MsiExec.exe
4108	MsiExec.exe
4108	MsiExec.exe
5216	MsiExec.exe
5216	MsiExec.exe
5216	MsiExec.exe
5216	MsiExec.exe
6080	MsiExec.exe
5216	MsiExec.exe
5688	MsiExec.exe
5688	MsiExec.exe
5688	MsiExec.exe
5688	MsiExec.exe
5688	MsiExec.exe
5216	MsiExec.exe
5216	MsiExec.exe
5216	MsiExec.exe
5216	MsiExec.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
2364	VBoxSVC.exe
2364	VBoxSVC.exe
4000	VBoxSDS.exe
4000	VBoxSDS.exe
2364	VBoxSVC.exe
1076	VirtualBoxVM.exe
1076	VirtualBoxVM.exe
1076	VirtualBoxVM.exe
1076	VirtualBoxVM.exe
1076	VirtualBoxVM.exe
1076	VirtualBoxVM.exe
1076	VirtualBoxVM.exe
1076	VirtualBoxVM.exe
1076	VirtualBoxVM.exe
1076	VirtualBoxVM.exe
1076	VirtualBoxVM.exe
1076	VirtualBoxVM.exe
3084	VirtualBoxVM.exe
3084	VirtualBoxVM.exe
3084	VirtualBoxVM.exe
3084	VirtualBoxVM.exe
3084	VirtualBoxVM.exe
3084	VirtualBoxVM.exe
3084	VirtualBoxVM.exe
3084	VirtualBoxVM.exe
3084	VirtualBoxVM.exe
3084	VirtualBoxVM.exe
3084	VirtualBoxVM.exe

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	VirtualBox-7.1.6-167084-Win.exe
File opened (read-only)	\??\S:	VirtualBox-7.1.6-167084-Win.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\A:	VirtualBox-7.1.6-167084-Win.exe
File opened (read-only)	\??\I:	VirtualBox-7.1.6-167084-Win.exe
File opened (read-only)	\??\K:	VirtualBox-7.1.6-167084-Win.exe
File opened (read-only)	\??\L:	VirtualBox-7.1.6-167084-Win.exe
File opened (read-only)	\??\M:	VirtualBox-7.1.6-167084-Win.exe
File opened (read-only)	\??\P:	VirtualBox-7.1.6-167084-Win.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\H:	VirtualBox-7.1.6-167084-Win.exe
File opened (read-only)	\??\N:	VirtualBox-7.1.6-167084-Win.exe
File opened (read-only)	\??\X:	VirtualBox-7.1.6-167084-Win.exe
File opened (read-only)	\??\Z:	VirtualBox-7.1.6-167084-Win.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Q:	VirtualBox-7.1.6-167084-Win.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\B:	VirtualBox-7.1.6-167084-Win.exe
File opened (read-only)	\??\E:	VirtualBox-7.1.6-167084-Win.exe
File opened (read-only)	\??\O:	VirtualBox-7.1.6-167084-Win.exe
File opened (read-only)	\??\R:	VirtualBox-7.1.6-167084-Win.exe
File opened (read-only)	\??\T:	VirtualBox-7.1.6-167084-Win.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\W:	VirtualBox-7.1.6-167084-Win.exe
File opened (read-only)	\??\G:	VirtualBox-7.1.6-167084-Win.exe
File opened (read-only)	\??\V:	VirtualBox-7.1.6-167084-Win.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\U:	VirtualBox-7.1.6-167084-Win.exe
File opened (read-only)	\??\Y:	VirtualBox-7.1.6-167084-Win.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc	pid	Process
2350	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html	336	msedge.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\netpacer.inf_amd64_7d294c7fa012d315\netpacer.PNF	MsiExec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4afc2e7d-98c6-cc48-a71a-5068538bb626}\VBoxNetAdp6.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{71b3f64b-dd47-bf4e-a519-a575e96e8599}\SET5665.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7aef2613-a8c3-f549-bb29-4b977248e596}\VBoxUSBMon.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{7aef2613-a8c3-f549-bb29-4b977248e596}\SET5F8C.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7aef2613-a8c3-f549-bb29-4b977248e596}\VBoxUSBMon.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{80b1582b-ab12-ff40-8200-6caa21cb4791}\VBoxNetLwf.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnb.inf_amd64_0dc913ad00b14824\netnb.PNF	MsiExec.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wfpcapture.inf_amd64_54cf91ab0e4c9ac2\wfpcapture.PNF	MsiExec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3f2d141d-4521-d34d-83ea-d409a9496c99}\VBoxUSB.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ndiscap.inf_amd64_a009d240f9b4a192\ndiscap.PNF	MsiExec.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vboxsup.inf_amd64_51feefe6fa2584ec\VBoxSup.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vboxsup.inf_amd64_51feefe6fa2584ec\VBoxSup.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{7aef2613-a8c3-f549-bb29-4b977248e596}\SET5F8B.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7aef2613-a8c3-f549-bb29-4b977248e596}\SET5F9D.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4afc2e7d-98c6-cc48-a71a-5068538bb626}\VBoxNetAdp6.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{71b3f64b-dd47-bf4e-a519-a575e96e8599}\SET5664.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3f2d141d-4521-d34d-83ea-d409a9496c99}\SET5E25.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{80b1582b-ab12-ff40-8200-6caa21cb4791}\SET4A01.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_9855768fcc4a8263\VBoxNetLwf.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_1eb1ed3a2c402b9d\VBoxUSB.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{80b1582b-ab12-ff40-8200-6caa21cb4791}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vboxnetadp6.inf_amd64_15909adfa959bbd7\VBoxNetAdp6.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{71b3f64b-dd47-bf4e-a519-a575e96e8599}\SET5665.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{80b1582b-ab12-ff40-8200-6caa21cb4791}\VBoxNetLwf.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vboxsup.inf_amd64_51feefe6fa2584ec\VBoxSup.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3f2d141d-4521-d34d-83ea-d409a9496c99}\VBoxUSB.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7aef2613-a8c3-f549-bb29-4b977248e596}\VBoxUSBMon.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7aef2613-a8c3-f549-bb29-4b977248e596}	DrvInst.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Roaming\VirtualBox\VBoxSDS.log	VBoxSDS.exe
File created	C:\Windows\System32\DriverStore\Temp\{80b1582b-ab12-ff40-8200-6caa21cb4791}\SET49F0.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{80b1582b-ab12-ff40-8200-6caa21cb4791}\SET4A01.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4afc2e7d-98c6-cc48-a71a-5068538bb626}\SET4D8A.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3f2d141d-4521-d34d-83ea-d409a9496c99}\VBoxUSB.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_1eb1ed3a2c402b9d\VBoxUSB.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_1eb1ed3a2c402b9d\VBoxUSB.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7aef2613-a8c3-f549-bb29-4b977248e596}\SET5F8B.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7aef2613-a8c3-f549-bb29-4b977248e596}\SET5F8C.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netserv.inf_amd64_73adce5afe861093\netserv.PNF	MsiExec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4afc2e7d-98c6-cc48-a71a-5068538bb626}\SET4D8C.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{3f2d141d-4521-d34d-83ea-d409a9496c99}\SET5E24.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vboxusbmon.inf_amd64_92b271dae027ffef\VBoxUSBMon.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{80b1582b-ab12-ff40-8200-6caa21cb4791}\SET49F0.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{80b1582b-ab12-ff40-8200-6caa21cb4791}\SET4A00.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_9855768fcc4a8263\VBoxNetLwf.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwififlt.inf_amd64_c5e19aab2305f37f\netvwififlt.PNF	MsiExec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4afc2e7d-98c6-cc48-a71a-5068538bb626}	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3f2d141d-4521-d34d-83ea-d409a9496c99}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnwifi.inf_amd64_a2bfd066656fe297\netnwifi.PNF	MsiExec.exe
File created	C:\Windows\System32\DriverStore\Temp\{4afc2e7d-98c6-cc48-a71a-5068538bb626}\SET4D8C.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vboxnetadp6.inf_amd64_15909adfa959bbd7\VBoxNetAdp6.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{71b3f64b-dd47-bf4e-a519-a575e96e8599}\VBoxSup.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3f2d141d-4521-d34d-83ea-d409a9496c99}\SET5E35.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{3f2d141d-4521-d34d-83ea-d409a9496c99}\SET5E35.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{7aef2613-a8c3-f549-bb29-4b977248e596}\SET5F9D.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{4afc2e7d-98c6-cc48-a71a-5068538bb626}\SET4D8A.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{71b3f64b-dd47-bf4e-a519-a575e96e8599}\VBoxSup.sys	DrvInst.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 6 IoCs

pid	Process
1076	VirtualBoxVM.exe
1076	VirtualBoxVM.exe
5848	VirtualBoxVM.exe
3084	VirtualBoxVM.exe
3084	VirtualBoxVM.exe
5916	VirtualBoxVM.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_894320761\manifest.json	msedge.exe
File created	C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.sys	msiexec.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_1773931964\hyph-cy.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\json\wallet\wallet-notification-config.json	msedge.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_fr.qm	msiexec.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_924361703\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\json\i18n-notification-shared\zh-Hant\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_1502839621\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxDTrace.exe	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_ca.qm	msiexec.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_1773931964\hyph-nn.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\json\i18n-hub\zh-Hans\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_1502839621\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_pl.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_ka.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_pt_BR.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_sk.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\debian_postinstall.sh	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\ol9_ks.cfg	msiexec.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\json\i18n-hub\cs\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\json\i18n-notification-shared\en-GB\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_1502839621\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\redhat67_ks.cfg	msiexec.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_1773931964\hyph-el.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\json\i18n-mobile-hub\fr-CA\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\json\i18n-tokenized-card\ru\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_1502839621\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\Oracle\VirtualBox\drivers\vboxsup\VBoxSup.inf	msiexec.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\json\i18n-shared-components\zh-Hant\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_1773931964\hyph-hi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\json\i18n-ec\fi\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\json\i18n-notification-shared\id\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\json\i18n-tokenized-card\pt-BR\strings.json	msedge.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_id.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\os2_util.exe	msiexec.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\json\i18n-hub\ko\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\json\i18n-notification-shared\fi\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\wallet.bundle.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_1502839621\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_pt.qm	msiexec.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_894320761\data.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\json\i18n-shared-components\sv\strings.json	msedge.exe
File created	C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\os2_response_files.rsp	msiexec.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\json\i18n-tokenized-card\zh-Hans\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\Wallet-Checkout\wallet-drawer.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_1502839621\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\json\i18n-hub\fr\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\json\i18n-hub\nl\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\json\i18n-hub\ru\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_1502839621\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\debian_preseed.cfg	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\drivers\USB\device\VBoxUSB.inf	msiexec.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\json\i18n-shared-components\fi\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_780150899\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\bnpl\bnpl.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\edge_driver.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\json\i18n-ec\ru\strings.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\webui-setup.js	msedge.exe
File created	C:\Program Files\Oracle\VirtualBox\dtrace\lib\amd64\vm.d	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.sys	msiexec.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2244_1502839621\manifest.json	msedge.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_da.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_it.qm	msiexec.exe

Drops file in Windows directory 50 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI490F.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem6.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI2825.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{08123D53-81FD-48DF-BDD1-64FC2B977919}	msiexec.exe
File created	C:\Windows\INF\oem1.PNF	MsiExec.exe
File created	C:\Windows\inf\oem4.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\inf\oem6.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI2767.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2A68.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\Installer\MSI4D75.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5F2D.tmp	msiexec.exe
File created	C:\Windows\inf\oem7.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI312F.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI261C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI48EF.tmp	msiexec.exe
File created	C:\Windows\inf\oem5.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI5DC4.tmp	msiexec.exe
File created	C:\Windows\INF\oem6.PNF	MsiExec.exe
File created	C:\Windows\Installer\e5920dc.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2728.tmp	msiexec.exe
File created	C:\Windows\Installer\{08123D53-81FD-48DF-BDD1-64FC2B977919}\IconVirtualBox	msiexec.exe
File created	C:\Windows\INF\oem2.PNF	MsiExec.exe
File created	C:\Windows\INF\oem3.PNF	MsiExec.exe
File opened for modification	C:\Windows\Installer\MSI5D94.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem7.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\e5920dc.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI26E8.tmp	msiexec.exe
File created	C:\Windows\Installer\e5920de.msi	msiexec.exe
File created	C:\Windows\INF\oem0.PNF	MsiExec.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\inf\oem5.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\{08123D53-81FD-48DF-BDD1-64FC2B977919}\IconVirtualBox	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	MsiExec.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	MsiExec.exe
File opened for modification	C:\Windows\Installer\MSI27A7.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI316F.tmp	msiexec.exe
File opened for modification	C:\Windows\inf\oem4.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI5612.tmp	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VirtualBox-7.1.6-167084-Win.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Filters	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\LowerFilters	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Filters	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Filters	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UpperFilters	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876621517599826"	msedge.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28\52C64B7E\@%SystemRoot%\System32\ci.dll,-101 = "Enclave"	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28\52C64B7E\@%SystemRoot%\System32\fveui.dll,-843 = "BitLocker Drive Encryption"	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0B3CDEB2-808E-11E9-B773-133D9330F849}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E775EA3-9070-4F9C-B0D5-53054496DBE0}\ = "IMousePointerShape"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{21637B0E-34B8-42D3-ACFB-7E96DAF77C22}\NumMethods\ = "14"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{67C50AFE-3E78-11E9-B25E-7768F80C0E07}\TypeLib\Version = "1.3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{70E2E0C3-332C-4D72-B822-2DB16E2CB31B}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{86A98347-7619-41AA-AECE-B21AC5C1A7E6}\NumMethods	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5155BFD3-7BA7-45A8-B26D-C91AE3754E37}\ = "IAudioAdapter"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FAC49A-B7F1-4A5A-A4EF-A11DD9C2A458}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.Session\CurVer\ = "VirtualBox.Session.1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{97C78FCD-D4FC-485F-8613-5AF88BFCFCDC}\ = "IVBoxSVCAvailabilityChangedEvent"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D7B98D2B-30E8-447E-99CB-E31BECAE6AE4}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0CA2ADBA-8F30-401B-A8CD-FE31DBE839C0}\ = "IEvent"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{181dfb55-394d-44d3-9edb-af2c4472c40a}	VirtualBox.exe
Key created	\REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	VirtualBox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7C5E945F-2354-4267-883F-2F417D216519}\TypeLib\Version = "1.3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B14290AD-CD54-400C-B858-797BCB82570E}\TypeLib\Version = "1.3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B1D978B8-F7B7-4B05-900E-2A9253C00F51}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D134C6B6-4479-430D-BB73-68A452BA3E67}\NumMethods	VirtualBox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\VBoxSVC.exe	VirtualBox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	VirtualBox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C02F46D-C9D2-4F11-A384-53F0CF917214}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{45587218-4289-EF4E-8E6A-E5B07816B631}	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{D5DCECE0-B202-4416-A138-03502784CC07}\ProxyStubClsid32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E36A5081-A82A-40BD-9E4E-42A44D6CE50F}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{1F99D9DC-C144-4C28-9F88-E6F488DB5441}\ProxyStubClsid32	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{28935887-782B-4C94-8410-CE557B9CFE44}\NumMethods	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{4EE3CBCB-486F-40DB-9150-DEEE3FD24189}\TypeLib	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08E25756-08A2-41AF-A05F-D7C661ABAEBE}\NumMethods	VirtualBox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4F529A14-ACE3-407C-9C49-066E8E8027F0}\ = "IHostDrivePartition"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5094F67A-8084-11E9-B185-DBE296E54799}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{46735de7-f4c4-4020-a185-0d2881bcfa8b}	VirtualBox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0FE2DA40-5637-472A-9736-72019EABD7DE}\NumMethods	VirtualBox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{806DA61B-6679-422A-B629-51B06B0C6D93}\TypeLib	VirtualBox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0B3CDEB2-808E-11E9-B773-133D9330F849}\TypeLib\Version = "1.3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6AC83D89-6EE7-4E33-8AE6-B257B2E81BE8}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{78861431-D545-44AA-8013-181B8C288554}	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.Session.1\ = "Session Class"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31AAB263-95EF-48A4-9CE7-EAF0D3AE150F}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5587D0F6-A227-4F23-8278-2F675EEA1BB2}\NumMethods\ = "26"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{b1d978b8-f7b7-4b05-900e-2a9253c00f51}	VirtualBox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{1F99D9DC-C144-4C28-9F88-E6F488DB5441}	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{20479EAF-D8ED-44CF-85AC-C83A26C95A4D}\NumMethods	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{93BADC0C-61D9-4940-A084-E6BB29AF3D83}\ProxyStubClsid32	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{C2DB178A-7485-11EC-AEC4-2FBF90681A84}\NumMethods	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{081FC833-C6FA-430E-6020-6A505D086387}\TypeLib\Version = "1.3"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{E578BB9C-E88D-416B-BB45-08A4E7A5B463}\ProxyStubClsid32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EE206A6E-7FF8-4A84-BD34-0C651E118BB5}\ = "IUSBController"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C39EF4D6-7532-45E8-96DA-EB5986AE76E4}\ProxyStubClsid32	VirtualBox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24EEF068-C380-4510-BC7C-19314A7352F1}\TypeLib\Version = "1.3"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{334DF94A-7556-4CBC-8C04-043096B02D82}\NumMethods	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{A06FD66A-3188-4C8C-8756-1395E8CB691C}\NumMethods	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{50C97996-9CF8-417F-BD79-1E0471367CD3}\TypeLib	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5BAE19D0-CA40-4CA2-A485-C8065190BBE5}\NumMethods	VirtualBox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{41A033B8-CC87-4F6E-A0E9-47BB7F2D4BE5}\TypeLib\Version = "1.3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A3D2799E-D3AD-4F73-91EF-7D839689F6D6}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C39EF4D6-7532-45E8-96DA-EB5986AE76E4}\NumMethods\ = "30"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B1A7A4F2-47B9-4A1E-82B2-07CCD5323C3F}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{D3D5F1EE-BCB2-4905-A7AB-CC85448A742B}\ProxyStubClsid32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D70F7915-DA7C-44C8-A7AC-9F173490446A}\NumMethods\ = "13"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EE37AFB5-7002-4786-A5C4-A9C29E1CCE75}\TypeLib	VirtualBox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{b79de686-eabd-4fa6-960a-f1756c99ea1c}	VirtualBox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{00727A73-000A-4C4A-006D-E7D300351186}\TypeLib	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{4DA2DEC7-71B2-4817-9A64-4ED12C17388E}\TypeLib	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{92ED7B1A-0D96-40ED-AE46-A564D484325E}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}"	msiexec.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
1056	VirtualBox.exe
1076	VirtualBoxVM.exe
3084	VirtualBoxVM.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2012	msiexec.exe
2012	msiexec.exe
1420	msedge.exe
1420	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1056	VirtualBox.exe
1076	VirtualBoxVM.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
664	Process not Found
664	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeIncreaseQuotaPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeSecurityPrivilege	2012	msiexec.exe
Token: SeCreateTokenPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeAssignPrimaryTokenPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeLockMemoryPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeIncreaseQuotaPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeMachineAccountPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeTcbPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeSecurityPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeTakeOwnershipPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeLoadDriverPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeSystemProfilePrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeSystemtimePrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeProfSingleProcessPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeIncBasePriorityPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeCreatePagefilePrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeCreatePermanentPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeBackupPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeRestorePrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeShutdownPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeDebugPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeAuditPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeSystemEnvironmentPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeChangeNotifyPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeRemoteShutdownPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeUndockPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeSyncAgentPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeEnableDelegationPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeManageVolumePrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeImpersonatePrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeCreateGlobalPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeCreateTokenPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeAssignPrimaryTokenPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeLockMemoryPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeIncreaseQuotaPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeMachineAccountPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeTcbPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeSecurityPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeTakeOwnershipPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeLoadDriverPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeSystemProfilePrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeSystemtimePrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeProfSingleProcessPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeIncBasePriorityPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeCreatePagefilePrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeCreatePermanentPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeBackupPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeRestorePrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeShutdownPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeDebugPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeAuditPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeSystemEnvironmentPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeChangeNotifyPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeRemoteShutdownPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeUndockPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeSyncAgentPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeEnableDelegationPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeManageVolumePrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeImpersonatePrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeCreateGlobalPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeCreateTokenPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeAssignPrimaryTokenPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe
Token: SeLockMemoryPrivilege	1836	VirtualBox-7.1.6-167084-Win.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
4968	OpenWith.exe
1524	OpenWith.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe
1056	VirtualBox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 2588	2244	msedge.exe	87
PID 2244 wrote to memory of 2588	2244	msedge.exe	87
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 336	2244	msedge.exe	88
PID 2244 wrote to memory of 336	2244	msedge.exe	88
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 5704	2244	msedge.exe	89
PID 2244 wrote to memory of 4684	2244	msedge.exe	90
PID 2244 wrote to memory of 4684	2244	msedge.exe	90
PID 2244 wrote to memory of 4684	2244	msedge.exe	90
PID 2244 wrote to memory of 4684	2244	msedge.exe	90
PID 2244 wrote to memory of 4684	2244	msedge.exe	90
PID 2244 wrote to memory of 4684	2244	msedge.exe	90
PID 2244 wrote to memory of 4684	2244	msedge.exe	90
PID 2244 wrote to memory of 4684	2244	msedge.exe	90
PID 2244 wrote to memory of 4684	2244	msedge.exe	90

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.home-assistant.io/installation/windows
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f4,0x7ffb6c2ef208,0x7ffb6c2ef214,0x7ffb6c2ef220
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1884,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Mark of the Web detected: This indicates that the page was originally saved or cloned.
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2312,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:2
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2480,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=3044 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3464,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3468,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4800,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4272,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5472,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5724,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5724,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=6108,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6224,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=6228 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6320,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=6352 /prefetch:8
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3524,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=3844 /prefetch:8
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=3788,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=3808 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6132,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6096,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=6900 /prefetch:8
  2⤵
  PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=7372,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=7400 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=5604,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=7340 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=5932,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=5616,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=7416 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=7376,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=7292 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7440,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=7148 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7384,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=7144 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7224,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=7672 /prefetch:8
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=6588,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6668,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=6632 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7836,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=7832 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7752,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=5948,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7152,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=7552 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7040,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=7156 /prefetch:8
  2⤵
  PID:4400
- C:\Users\Admin\Downloads\VirtualBox-7.1.6-167084-Win.exe
  "C:\Users\Admin\Downloads\VirtualBox-7.1.6-167084-Win.exe"
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:1836
- - C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
    "C:\Program Files\Oracle\VirtualBox\VirtualBox.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5132,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5600,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=7184 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7952,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=3836 /prefetch:8
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4848,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=7656 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7136,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3228,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=3304 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6660,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5208,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5456,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7984,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8028,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=8020 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8084,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=7164 /prefetch:8
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3492,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7164,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=1044 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6904,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=6960 /prefetch:8
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6844,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=7576 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --always-read-main-dll --field-trial-handle=5804,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6968,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --always-read-main-dll --field-trial-handle=6676,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=7320 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --always-read-main-dll --field-trial-handle=3860,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=8172 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --always-read-main-dll --field-trial-handle=8148,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=7324 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --always-read-main-dll --field-trial-handle=3796,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=8020 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --always-read-main-dll --field-trial-handle=7736,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=2484 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --always-read-main-dll --field-trial-handle=7184,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5880,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=8332 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8288,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=8316 /prefetch:8
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --always-read-main-dll --field-trial-handle=8780,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=8804 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --always-read-main-dll --field-trial-handle=7960,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=8208 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --always-read-main-dll --field-trial-handle=8896,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=8960 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --always-read-main-dll --field-trial-handle=9136,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=7284 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --always-read-main-dll --field-trial-handle=8264,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --always-read-main-dll --field-trial-handle=9180,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=7452 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --always-read-main-dll --field-trial-handle=8196,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=7292 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --always-read-main-dll --field-trial-handle=8256,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=8716 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --always-read-main-dll --field-trial-handle=9204,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=8736 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --always-read-main-dll --field-trial-handle=9488,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=9464 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --always-read-main-dll --field-trial-handle=9340,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=9380 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=9716,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=9668 /prefetch:1
  2⤵
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --always-read-main-dll --field-trial-handle=9764,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=9788 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --always-read-main-dll --field-trial-handle=9956,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=9968 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --always-read-main-dll --field-trial-handle=9676,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=10156 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --always-read-main-dll --field-trial-handle=10300,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=10316 /prefetch:1
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --always-read-main-dll --field-trial-handle=10460,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=10476 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --always-read-main-dll --field-trial-handle=10480,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=10632 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --always-read-main-dll --field-trial-handle=10608,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=9912 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --always-read-main-dll --field-trial-handle=10900,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=10648 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --always-read-main-dll --field-trial-handle=9392,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=11052 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --always-read-main-dll --field-trial-handle=11156,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=9760 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --always-read-main-dll --field-trial-handle=11172,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=11228 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --always-read-main-dll --field-trial-handle=11252,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=11248 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --always-read-main-dll --field-trial-handle=11312,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=11320 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --always-read-main-dll --field-trial-handle=11864,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=11880 /prefetch:1
  2⤵
  PID:6200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --always-read-main-dll --field-trial-handle=11296,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=12184 /prefetch:1
  2⤵
  PID:6840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --always-read-main-dll --field-trial-handle=12180,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=11764 /prefetch:1
  2⤵
  PID:6332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --always-read-main-dll --field-trial-handle=12392,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=12380 /prefetch:1
  2⤵
  PID:6368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --always-read-main-dll --field-trial-handle=11120,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=9916 /prefetch:1
  2⤵
  PID:6152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --always-read-main-dll --field-trial-handle=12064,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=11712 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --always-read-main-dll --field-trial-handle=12380,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=12404 /prefetch:1
  2⤵
  PID:6184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --always-read-main-dll --field-trial-handle=11720,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=10996 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --always-read-main-dll --field-trial-handle=12620,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=12712 /prefetch:1
  2⤵
  PID:6812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --always-read-main-dll --field-trial-handle=12888,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=12912 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --always-read-main-dll --field-trial-handle=12896,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=13028 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --always-read-main-dll --field-trial-handle=13136,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=13004 /prefetch:1
  2⤵
  PID:6196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --always-read-main-dll --field-trial-handle=13248,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=13344 /prefetch:1
  2⤵
  PID:7068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --always-read-main-dll --field-trial-handle=13416,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=13180 /prefetch:1
  2⤵
  PID:6272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --always-read-main-dll --field-trial-handle=13648,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=13008 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --always-read-main-dll --field-trial-handle=13716,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=13636 /prefetch:1
  2⤵
  PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --always-read-main-dll --field-trial-handle=13872,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=13888 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --always-read-main-dll --field-trial-handle=14028,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=14040 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --always-read-main-dll --field-trial-handle=13572,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=13876 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --always-read-main-dll --field-trial-handle=13684,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=13776 /prefetch:1
  2⤵
  PID:6548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --always-read-main-dll --field-trial-handle=14452,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=14500 /prefetch:1
  2⤵
  PID:6280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --always-read-main-dll --field-trial-handle=14632,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=14648 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --always-read-main-dll --field-trial-handle=13992,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=13880 /prefetch:1
  2⤵
  PID:7420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --always-read-main-dll --field-trial-handle=14788,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=14004 /prefetch:1
  2⤵
  PID:8060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --always-read-main-dll --field-trial-handle=13652,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=13180 /prefetch:1
  2⤵
  PID:8172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --always-read-main-dll --field-trial-handle=13576,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=14540 /prefetch:1
  2⤵
  PID:6660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --always-read-main-dll --field-trial-handle=14256,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=14284 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --always-read-main-dll --field-trial-handle=13720,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=14448 /prefetch:1
  2⤵
  PID:6388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --always-read-main-dll --field-trial-handle=14168,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=13680 /prefetch:1
  2⤵
  PID:7396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --always-read-main-dll --field-trial-handle=14324,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=13048 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --always-read-main-dll --field-trial-handle=14080,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=13468 /prefetch:1
  2⤵
  PID:7520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --always-read-main-dll --field-trial-handle=14044,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=12616 /prefetch:1
  2⤵
  PID:7524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --always-read-main-dll --field-trial-handle=14728,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=13588 /prefetch:1
  2⤵
  PID:7660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --always-read-main-dll --field-trial-handle=13904,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=14460 /prefetch:1
  2⤵
  PID:7668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --always-read-main-dll --field-trial-handle=14656,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=13964 /prefetch:1
  2⤵
  PID:7208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --always-read-main-dll --field-trial-handle=10820,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=12548 /prefetch:1
  2⤵
  PID:8112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --always-read-main-dll --field-trial-handle=13656,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=13032 /prefetch:1
  2⤵
  PID:7200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --always-read-main-dll --field-trial-handle=14308,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=13056 /prefetch:1
  2⤵
  PID:8172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --always-read-main-dll --field-trial-handle=7132,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=7360 /prefetch:1
  2⤵
  PID:6308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --always-read-main-dll --field-trial-handle=7400,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=3792 /prefetch:1
  2⤵
  PID:6528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --always-read-main-dll --field-trial-handle=14644,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=14796 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --always-read-main-dll --field-trial-handle=14424,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=13980 /prefetch:1
  2⤵
  PID:6284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=13424,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=14732 /prefetch:8
  2⤵
  PID:7236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --always-read-main-dll --field-trial-handle=13228,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=14468 /prefetch:1
  2⤵
  PID:7656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --always-read-main-dll --field-trial-handle=14116,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=7508 /prefetch:1
  2⤵
  PID:7720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --always-read-main-dll --field-trial-handle=13640,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=13468 /prefetch:1
  2⤵
  PID:7572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --always-read-main-dll --field-trial-handle=13608,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=15024 /prefetch:1
  2⤵
  PID:6664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --always-read-main-dll --field-trial-handle=13508,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=14068 /prefetch:1
  2⤵
  PID:7992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --always-read-main-dll --field-trial-handle=15136,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=15268 /prefetch:1
  2⤵
  PID:7288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --always-read-main-dll --field-trial-handle=14040,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=15452 /prefetch:1
  2⤵
  PID:7464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --always-read-main-dll --field-trial-handle=15004,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=15100 /prefetch:1
  2⤵
  PID:6480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=9400,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=9804 /prefetch:1
  2⤵
  PID:7712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --always-read-main-dll --field-trial-handle=14412,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=9612 /prefetch:1
  2⤵
  PID:7644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=9652,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=9900 /prefetch:1
  2⤵
  PID:6292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --always-read-main-dll --field-trial-handle=8124,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=7612 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=15424,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=3944 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --always-read-main-dll --field-trial-handle=9824,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=10648 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --always-read-main-dll --field-trial-handle=10284,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=9804,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=10136 /prefetch:1
  2⤵
  PID:8008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --always-read-main-dll --field-trial-handle=14036,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=14164,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=9564 /prefetch:1
  2⤵
  PID:7760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=9184,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=7708 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=9212,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=8060,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=9852,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=9828 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --always-read-main-dll --field-trial-handle=5360,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=8872 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=153 --always-read-main-dll --field-trial-handle=5596,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=8792,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=8108 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=9612,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=9632 /prefetch:1
  2⤵
  PID:6580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=7676,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=11696 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=7584,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=6972 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=155 --always-read-main-dll --field-trial-handle=5108,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=7060 /prefetch:1
  2⤵
  PID:8128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=8820,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=6596 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=7116,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:7400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=7904,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=156 --always-read-main-dll --field-trial-handle=7180,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=9920,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=8760 /prefetch:1
  2⤵
  PID:7064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=6960,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=12596 /prefetch:1
  2⤵
  PID:7516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=157 --always-read-main-dll --field-trial-handle=7924,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=12660 /prefetch:1
  2⤵
  PID:6456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=7892,i,13594399052208980930,14111811666836911721,262144 --variations-seed-version --mojo-platform-channel-handle=7056 /prefetch:1
  2⤵
  PID:4904

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5812

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:2472

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4968

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2012
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 0CC69F361EA4566E3CABE009F9E53B9B C
  2⤵
  - Loads dropped DLL
  PID:4108
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:2176
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 2E7DAD57D105CFE92398780F8E29D1F5
  2⤵
  - Drops file in Drivers directory
  - Loads dropped DLL
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  PID:5216
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding F81F9FBF752B7C83AF0F182CBF9EDA8E
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:6080
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding B17B84BD1862686108F55118ACF48223 E Global\MSI0000
  2⤵
  - Drops file in Drivers directory
  - Loads dropped DLL
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  PID:5688
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding E89F25AF31CE16CE7C334F88A5216604 M Global\MSI0000
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2692

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:5940

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:5032
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.inf" "9" "431e52bcb" "0000000000000148" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:4728
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6\VBoxNetAdp6.inf" "9" "473b17b7b" "0000000000000148" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:4444
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{e089cd40-3a81-aa46-9f78-7027516288f0}\VBoxSup.inf" "9" "4edacf3f3" "0000000000000158" "WinSta0\Default" "0000000000000184" "208" "C:\Program Files\Oracle\VirtualBox\drivers\vboxsup"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:2200
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "8" "14" "C:\Windows\System32\DriverStore\FileRepository\vboxsup.inf_amd64_51feefe6fa2584ec\vboxsup.inf" "0" "4edacf3f3" "0000000000000190" "WinSta0\Default"
  2⤵
  - Drops file in Drivers directory
  - Drops file in Windows directory
  PID:1072
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{27e5aae7-077c-e847-bd3d-717a12dd8f62}\VBoxUSB.inf" "9" "4f05f54f7" "0000000000000184" "WinSta0\Default" "0000000000000188" "208" "C:\Program Files\Oracle\VirtualBox\drivers\USB\device"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:1756
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{2cc14277-a9da-e24b-8758-1cbe64289b8d}\VBoxUSBMon.inf" "9" "4e4e9030b" "0000000000000188" "WinSta0\Default" "0000000000000180" "208" "C:\Program Files\Oracle\VirtualBox\drivers\USB\filter"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:5016
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "8" "14" "C:\Windows\System32\DriverStore\FileRepository\vboxusbmon.inf_amd64_92b271dae027ffef\vboxusbmon.inf" "0" "4e4e9030b" "0000000000000180" "WinSta0\Default"
  2⤵
  - Drops file in Drivers directory
  - Drops file in Windows directory
  PID:5716

C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe
"C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe" -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2364
- C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  "C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe" --comment "Home assistant" --startvm 0cf65b51-8dec-47f9-8178-2272ac843ae0 --no-startvm-errormsgbox "--sup-hardening-log=C:\Users\Admin\VirtualBox VMs\Home assistant\Logs\VBoxHardening.log"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1076
- - C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    60eaff78-4bdd-042d-2e72-669728efd737-suplib-2ndchild --comment "Home assistant" --startvm 0cf65b51-8dec-47f9-8178-2272ac843ae0 --no-startvm-errormsgbox "--sup-hardening-log=C:\Users\Admin\VirtualBox VMs\Home assistant\Logs\VBoxHardening.log"
    3⤵
    - Executes dropped EXE
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:5848
- C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  "C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe" --comment "Home assistant" --startvm 0cf65b51-8dec-47f9-8178-2272ac843ae0 --no-startvm-errormsgbox "--sup-hardening-log=C:\Users\Admin\VirtualBox VMs\Home assistant\Logs\VBoxHardening.log"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: AddClipboardFormatListener
  PID:3084
- - C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    60eaff78-4bdd-042d-2e72-669728efd737-suplib-2ndchild --comment "Home assistant" --startvm 0cf65b51-8dec-47f9-8178-2272ac843ae0 --no-startvm-errormsgbox "--sup-hardening-log=C:\Users\Admin\VirtualBox VMs\Home assistant\Logs\VBoxHardening.log"
    3⤵
    - Executes dropped EXE
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:5916

C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe
"C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:4000

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4024

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x534 0x3ec
1⤵
PID:3176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5920dd.rbs

Filesize
727KB

MD5
7edd1d7407241a49b13c302ab1534f8e

SHA1
4387d10260f32f588504f936b69c4649be5088a4

SHA256
0d16b27a767ff6da9906fd8d79a8a3b67eae769415af728f751128300340693c

SHA512
fc0e6af6d2ddaa9c79978aaec334b21dc210ca03d0889d5354db7cd4efb0b08e651ac7a56c96cafd52d93fb1a956546b856687e6b50da8a3bdc12298747d3e88

Download Submit
C:\Program Files\Oracle\VirtualBox\VirtualBox.exe

Filesize
2.7MB

MD5
c43f5aba07ba81826943658cffd8d6bb

SHA1
7239eebeae740489dd9d88b533b094fa17627375

SHA256
c420308c229e51053b9857321c718815ca5551b6e914b5dc44eb1a6faf45db0f

SHA512
e3e66f177fcbc7e51d8738d8079d6845c4038685694f9a6e004469f2b99be1bb090870db3de391a1e831b45fd84aa593c53ee33973c1f7cde0242924ac9daa6d

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2244_1433833152\manifest.json

Filesize
116B

MD5
2188c7ec4e86e29013803d6b85b0d5bb

SHA1
5a9b4a91c63e0013f661dfc472edb01385d0e3ce

SHA256
ac47cc331bb96271da2140941926a8accc6cb7599a6f3c17bd31c78f46709a62

SHA512
37c21eaff24a54c2c7571e480ff4f349267e4404111508f241f54a41542ce06bcde4c830c6e195fc48d1bf831ed1fe78da361d1e43416cfd6c02afa8188af656

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2244_1773931964\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2244_1773931964\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2244_1773931964\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2244_1773931964\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2244_1872711335\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2244_1872711335\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\Notification\notification_fast.bundle.js.LICENSE.txt

Filesize
551B

MD5
7bf61e84e614585030a26b0b148f4d79

SHA1
c4ffbc5c6aa599e578d3f5524a59a99228eea400

SHA256
38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179

SHA512
ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

Filesize
1KB

MD5
8595bdd96ab7d24cc60eb749ce1b8b82

SHA1
3b612cc3d05e372c5ac91124f3756bbf099b378d

SHA256
363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831

SHA512
555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\json\i18n-tokenized-card\fr-CA\strings.json

Filesize
2KB

MD5
cd247582beb274ca64f720aa588ffbc0

SHA1
4aaeef0905e67b490d4a9508ed5d4a406263ed9c

SHA256
c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5

SHA512
bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2016625519\manifest.json

Filesize
121B

MD5
16f004af39a3675a73f5c15f6182a293

SHA1
e7027edbadfd881e03d8a592ae661a985fd89cd7

SHA256
4e5ef1851bc910ceeb59a63bb53725cf5d8149feff9483e960b54cc26fdc419b

SHA512
8ef0d80259b5a38424676918f07238a76c527b643267008999dc3b2cff5c93e29ae85cbf0605f0d0b4f880fd6ae96254ebd30e5b80097eea95f5d27b5d461ff6

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2026131435\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2244_2107722829\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2244_248839282\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2244_669538752\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2244_669538752\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2244_780150899\manifest.json

Filesize
1003B

MD5
578c9dbc62724b9d481ec9484a347b37

SHA1
a6f5a3884fd37b7f04f93147f9498c11ed5c2c2d

SHA256
005a2386e5da2e6a5975f1180fe9b325da57c61c0b4f1b853b8bcf66ec98f0a0

SHA512
2060eb35fb0015926915f603c8e1742b448a21c5a794f9ec2bebd04e170184c60a31cee0682f4fd48b65cff6ade70befd77ba0446cc42d6fe1de68d93b8ea640

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2244_877414673\manifest.json

Filesize
118B

MD5
3e4993f878e658507d78f52011519527

SHA1
2fce50683531c5c985967a71f90d62ab141707df

SHA256
a2fb35b03e24f5ba14cbe0e3c3d8cb43588e93f048878b066fd1d640ef8e59cb

SHA512
9d24ef876ac989e50e9d4d06732a4c4f61e12df366b3d4e5ff93d6a60badac36c3e55e7f13c2539ecb525017490a887fc56580ef8e83483019041ad9b13358d5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2244_894320761\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2244_924361703\manifest.json

Filesize
145B

MD5
465cc76a28cc5543a0d845a8e8dd58fa

SHA1
adbe272f254fd8b218fcc7c8da716072ea29d8ba

SHA256
e75fb1fa1692e9720166872afe6d015e4f99d4e8725463e950889a55c4c35bb9

SHA512
a00286cd50d908883a48f675d6291881ad8809dcae5aca55d5d581e6d93a66058e1fe9e626852bf16e5bb0c693a088a69d9876ccac288181b1f74254bf1da1a2

Download Submit
C:\Users\Admin\.VirtualBox\VirtualBox.xml

Filesize
1KB

MD5
d9d28bd2ef7192fb0efb99607d7a0807

SHA1
7fb6f32f1c0f227118613dd7779e1bf0a6e2ce4a

SHA256
dad710b076d96b3de34a58363a3241935bfe205b7240ce57f9d85bf2058e6dd5

SHA512
e058987d5fd8ea6cd3c3081c7ac45ce1e3719c4a38b46390133b19539fad35a0d8ad699023a3d934d18e3356cb6def62bd197b5a32ad496b620469c55d9efb13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
ac2c9610c02bd2101086468d9f2ed862

SHA1
d86b1d6e544530616fc2ca1e80af684933e0ab30

SHA256
9e33cd0616b2a01426d6769e10ee37b94315573e30be65291a047c02db3459b5

SHA512
596d06e2e2718135791246d8cc679dd399e6f161f0028d6af0278cdb9d4482fde7d48b9bf7617bad593abf5d7ad7e19cbe87dcfad0c5b3ce20717fe304082017

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_D2F6556190F7B1A25A117FFB5467EEBD

Filesize
727B

MD5
c486251db8d5f4cd4b3775c5fe9b3ac1

SHA1
65d79f9a75369461866fd845fb5f08c9301470dc

SHA256
ebed5a5a7717f3253737c0bf43065231fd03c6b0834fcda3d925b66f19222b2c

SHA512
bd7262a0f9942bafbc8396c20acce5e20747806a344e47a37c76301cdd04f385041db72afeb978ff2993e6482ced50e701e7e1c6e7df597a6f7b18cfe92cb63a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
ab94f6a12039242a5d2a2cad900211f0

SHA1
281453843492fea171197ce3e1fdf43c93211e63

SHA256
eec46eaccedff40f578df802dc9d93ccdb11f9dbb672eefa859920dc4f431af0

SHA512
c4f2b3196bd5f95320c3ad9638b46270e709d26bc0635d5a52fce5d840f7c02fc4ed215a0031af93da41e3cfce2a4dc43cf1cda1761825bb6b368a203160fc24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
400B

MD5
a4e66a961fd2bd5c99cd30459f42446e

SHA1
76d12e2f30c29eb87ca024d4953acb98e2e2ea7c

SHA256
dce6105c0d4e8d7b7b53491ac84c29f84281428fdd1799320e0fdcee7ad35219

SHA512
93abad052e3e2343515f3b0a2874f8cfef16565f473604a9a6d293b40ae407f7a6e72288596e9ab0f41a070b76c6cc69bef91e2bb890bbd19562292ae217d335

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_D2F6556190F7B1A25A117FFB5467EEBD

Filesize
412B

MD5
b536f453625829c8da20ad40b0093e77

SHA1
7971208bc0f71edeb1a115f0fd1eeafd12c98153

SHA256
a1ae6ca3e27f1ff59557a6b4c9475284da9342f225896dfa3d090dc416501e62

SHA512
98d8a22bb21e71b54a90f71bc4c49e9282271832e8cddd767dca7767ea4a1c60b9efba6b45ab4b3a6450ec4bf59ec323a7cecd21296033f16e2766240a46eee1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
d2bce4d1b4bc8a3dc88362f7a554df17

SHA1
93236ce66dd79d0482590992328ed1d8d8677fd0

SHA256
7654acb0e3d016c8c393de09947cfa7129891f173adb7661a6d316681680f3d4

SHA512
0c623190cebf79687ec69668eebe0d646f3d158fe71ab8d2073b71d94d0b77dcb7bb4c3232ac30b206591808ca8efce2eb8c99b49f51b5e579619e52db7b0fa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\3acba47d-de67-4371-84fb-12c045fcbb0e.dmp

Filesize
5.6MB

MD5
ff250dae30467b2ba4d9887e471e539e

SHA1
33f182b35839c9f99201ada4d5c8e423ed498064

SHA256
69b7a450fe7e6a2569b84dc85bba621cd930dca6c5f845d340bfa2faaa1ca05c

SHA512
5ebbcea789daf3cd98c8a1655d0debeb2cf007d1b411754a2fff51f67ef4546c1ca3103d8c1ea132be28722d76d96eb3b2ac71a1660b1d60eb9aec196ce7b7b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\73459d56-391f-4a7f-aa1b-6c89c4164bd7.dmp

Filesize
5.6MB

MD5
381ff470316a6f30de8c9d5c382f3214

SHA1
928d110e636337d670bde2a348a69f9ca90a1965

SHA256
22dab56c49324728d16c5afcc14ed2c620340a6b3250c21b00f92c956bfcb80f

SHA512
74d991a871a0b271d6aab24cf1d01e2d54022b057780a869d8baf818c0570b1bbd882d3ded3e6dae1d54df6a6046dec351ab8adaa380c7aac918fe9d1b31313f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
01cc3a42395638ce669dd0d7aba1f929

SHA1
89aa0871fa8e25b55823dd0db9a028ef46dfbdd8

SHA256
d0c6ee43e769188d8a32f782b44cb00052099222be21cbe8bf119469c6612dee

SHA512
d3b88e797333416a4bc6c7f7e224ba68362706747e191a1cd8846a080329473b8f1bfebee5e3fe21faa4d24c8a7683041705e995777714330316e9b563d38e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
d79786f06a0cc1bac5e1231101d8519b

SHA1
c9029420e0e56d48b4c60c283ffe62120a5492da

SHA256
0e4724b2c29d444bc3c60d1e57771dcf5d6c4e2ec7cf08a7f26eda4080c588b7

SHA512
7f270217e05b3abeef272da1814129c311eb5c96cacbd27c460d6beb5fc86fa7b249093d7d401c9a9dcc99402f4db8bb2eb14bc24ab6fc7c3811f4b8f3aa36ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2cb79f1f-5946-428e-93d1-b3d33403ad55.tmp

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000007.log

Filesize
21KB

MD5
fa564588413ec2c32e59d9043d3dc72b

SHA1
0eade6fd548d2963facd1cfc772b831ebab9220e

SHA256
e1f1533b52fa5fec3e251ed07d134d1586f5486aa053198a06a3b820b5812a34

SHA512
2222dc867b614902d8090eef3fce13713805dde862741d7ba148a9c283358afc62841d80f5070702389e9523d08421376dd044c9c641d1bfd4ec4fde9df0c06f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
334B

MD5
85165c2943030b84eeaa9ea1af49b57e

SHA1
5b50dbf6c9ca8c71e047d58a75052c26a86a688b

SHA256
9898c27061c58aa8a1871c3e1db5d3850cc836feab3738a8c0645e65d9d2cb9e

SHA512
75a9b87b6c4e0e3bf390f252f9026bd50886d2f2458469641b65e4bdc3edd01f6cdc50aa913c9ad8ee5f1975418b601294776e975e3906744640eef8d1c2ac3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
331B

MD5
cdfa3c872fb955849bf0ee022d44245f

SHA1
f8ecdfc4455a94c22ce7b60e03c3c164cf69ce13

SHA256
c6955cf7cdf428ca5e3bbd887f6cc61e8896ed4bef7852455742695ddc7b9228

SHA512
110a98f2e9dfc840ac8236b2d8230817008b04acf9254da92da863f0b0131f18ca8567b9ecb26428d228226779dc6f93aa7ece2dd2a5808a6ca934a526d5eee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000081

Filesize
110KB

MD5
856a44c7e5f305d914f73151e46348f1

SHA1
ef7198fffde31f348f41c1fce450f7c83f2724d4

SHA256
f576eb2ecc60fe36e8222e836af2b7a7fc0e2f757159e970631eb2e496b0411d

SHA512
c429e91a2cc420bede1768600604b9e3695d0f29640da2880ba9c2cd528fad536b63e40e142c48275b21c3607ea3e5677eee2c2c4332c894ff70687069dafbe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000084

Filesize
19KB

MD5
3b25fbd9be0594e7d5dd630003ef4194

SHA1
73d1b16b7b95ec2907407f06c3f353497e29a362

SHA256
0ab699ef1483cd423e0880e48701eb0f38d8d250a4f7e63262a5a10e587f6df1

SHA512
137ca7a8f12319721e9ad5a729c14c14cd560abad62366fe47d2742ed30e9dcf5f3a3c1c5607deee579ba9407ce5b5c1c737bc74e07e64dee65e1fc2ab8b0615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000085

Filesize
17KB

MD5
a673a4ff37878ab1cb36ed1079a6e033

SHA1
823159a712bccac71c5dbadc14f30b4f3592f424

SHA256
9edbc2b7d4862beb81dfce14ae3ae0cc1df4359c2b535a79c34f4cc5072afa17

SHA512
02f70f2c2441337733ab64539299f1739248bfb43aa4fe00dfcfa558d6b4ee8ebfec28a2146554380f759174d7b4f0d55056bac251a3e870d6fdd211c3c754bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000086

Filesize
76KB

MD5
c99f966767a99c2971aaad4890f0d323

SHA1
d6dd4e0199e653bd6663c5203dc3889e9b6c0baa

SHA256
ad5f0de938a628df6b0de66005e92497bb39c09fb8491ea7fc4d5afd600262e2

SHA512
02475dacf307541c4e2801b2e849585d4210990fff97bf5afe9f44f5ee46ae8ba21152295cd8baeeecba3005250d81e7d280007f0b8f57f77247a3e2588b7c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000087

Filesize
162KB

MD5
068c9583a0f4419ab38ff06951a6362f

SHA1
d93795c6be918202bc0d5a4b9d4695f7fc9ed732

SHA256
138ee0c926708c91b5794ddff423d1976936d139f5af0787db80ddae31e104f4

SHA512
049b7b69df4197091e5b69c62153e75668f8fdf5558b1cd99cddd5121a8d072bcad3f31d3705b218801e5a10b6178860b8d191c2023a7f699891a2de408fd37c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000089

Filesize
128KB

MD5
3594fd415f8f595dde84dc3130ab3ef1

SHA1
9bb578cdb94a452bc7ba906f9c1c7565b8a15941

SHA256
fef47ff6f1f43ac962f642ee3e567785860899035a728d62ffeee87771fb5f25

SHA512
752308f9826e956a044cb39d2efa3f627506f7958a5e4ceccaad32d56b73073f20795a039c8f6008d88153830ec65f4fcc87fa1f278801f45d8d007f1b6654c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008b

Filesize
128KB

MD5
850de9aea95ade483d7a878b4e00f847

SHA1
40f4982370a6f9793e469a5fbdc5c273880149a0

SHA256
5da6ed93059933b7aaaf811fe84cdd98b952e2b08ff08050e5d914f30185fce7

SHA512
351788e6b2c22c40f007c7d17ce225dddcaa3efaf3a7cc4ee815fb70412157b067d22fde0905710e463ed431540f697aefad1030375934ff533ec473a5f397fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008c

Filesize
128KB

MD5
e729e8699547cb5bfb4f424406b8f551

SHA1
5ab8f998ba9fc47a60c1af131c29bc9f6b656b53

SHA256
8b584c48779d727e3638c8922aa47b1413d8906130bd3c480dbe0774186d2915

SHA512
027438641482b3deb4c3ef779542f0ea5c1a97fa90a24523b645b9d53ff13e03da89a102f6edff4752d0a0b517cb131f3a8c7a4f54fe20f23ead8d357ad970bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008f

Filesize
19KB

MD5
935bb5d465d94cb39aef1382236a2ec6

SHA1
5dc667df91f97d5f6cb7b348f8f2f90bc2c2237a

SHA256
fd8f992d68fe06460dd6bbd387de7526c83ca822fcf83faf075ec666a5f34a34

SHA512
5c571a507d72d686e57fd1b6f6aea31178a5b575844ebf55d45d6412c0f3e2a1bc656540c3ae6555e6d0e8e0de3874679d6e073afebede9eb523f1c67b7cf841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000090

Filesize
57KB

MD5
6fd89696f92cce575af9aa323400bc41

SHA1
934c8596f8ddee6830725f84fda92d0db8be3613

SHA256
f5feff0cdf42945c5d2a928792b7322fac01c673d4adca84d6eed2f128af63ee

SHA512
31819492274e951b0011be160b9c91bf0d73e06c62c82983d6bc3127b170b76298b431d4a1cf03ba9537ba89bcd86d6bc3ff6d6923c5659cd72565d46227bba2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000091

Filesize
58KB

MD5
ff6e74c08ad08c22e07451d3167d9520

SHA1
6745092f9efe5dd1971e732e1b45386050c87096

SHA256
55881379917c842f40aa098558f5071c4e12f4305b0ae0e62e064770e4709d81

SHA512
358babdeeeeb96b9a090fa647958a564a96a7089379084e704d857821a759febb451d160d3796822cc7ee0719cc53ce920c9809797ee4225a21ab2a32b693b2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000094

Filesize
16KB

MD5
04e1f6c4827af415993124bead3b89d3

SHA1
fc9736c8a180d55b9f22fff832e11d1f22cd0e2f

SHA256
86e848bb80d1e1586f2059d8bef552080d871057bc318c2e204ca552bc18041b

SHA512
8469b83b6a271e3205bcfbd092271918dac86f6f2c1678c737eae06b1e2468188c070a5de98945462d813b9e6ed2fc54a3c4d9a024bb43316b9ba4c32733c968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000096

Filesize
20KB

MD5
9d5e7dfd5c74401ee1a9385a7d43d247

SHA1
e781856a557abb5182b4843643d9f8f683e9af98

SHA256
85a9f80e25c666d66d274b91574c8ae36771d9538c0e0a6635d7befebe881735

SHA512
32752d4efba3923531bbc2858a6cc7d299efb1dc149e3ca26873772fd22234ed7aca3b38fc92698f199945a05fd253e1d5a79f0f9281c2929f38987e640069e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000098

Filesize
29KB

MD5
a781145fc4b4d9e9785154cc8180cd34

SHA1
39592040b80074bb1b6221acedc18d8c1c117289

SHA256
82b71f8b67a65dbcaeee42a3971a544d379968f29b07243b1a13ad4788e41d4d

SHA512
963d27c2913494df8e22686d3cd62415cfe559ab066ed706cb2fa8934ba819bb7dca312c8f5b166d21fd7b63dfdb627696cd2280d02b66d43b4d9c41120702db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b3

Filesize
33KB

MD5
33f80a9cf7ff070b98dd280f3b0f910d

SHA1
8b6ec48d11fe9a86272f46c2608ce352650b3f40

SHA256
429b492221499bbc9673a34a816d5c05f174cad2db71e0cd8d2bc725915ad25a

SHA512
afc5bb6902451707270889d388cf8580215854d632e48f19229d091ac1215541c575455f6d169f8079610805ce4d37bdae4cabbfa8b4cbaba803000d151f6983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b4

Filesize
46KB

MD5
eaa23748d1daf63227b3dbf16cc60714

SHA1
09b47259bb45819dfd876f01e595fd218b040e6a

SHA256
2c5f92f07128eac0fc6367ae81a2e3f03d5155272a3dda3ab49af3e7ea2a3f2b

SHA512
3877d08614230aac400be8c8cdfe10fa91d19db4f107d761d10d7c21187c779baba6a66b988b39fcf1d0c722a7f4dba21bacacf98858c4f1ceb6deb48b86a1f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b9

Filesize
18KB

MD5
0ade6eddef1659d7aafaa532db46cc84

SHA1
68886fdf041f9ddbbebe087e4a08c448f1bf7b2e

SHA256
304fdbbd0b6d309e310e9212d84c978f269fea44e503c442182a50d962b712f4

SHA512
859f367a82b3d8d7d8437211f20bf5e8c6649b6cd5bc5f83c6076276064c8de4e8405c2b027b7d8a9589bcf720cff86ca9d57557e338a441beb6248036f64b83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bd

Filesize
16KB

MD5
222bbb3b0bd8e596c8cdf6a47b120608

SHA1
c111e452642af8283ea387a555919f8825ac8734

SHA256
d85b9dcfe83d64c88b4ffeea32cebdc7874290460110ac915738df183de98614

SHA512
d72a3696b886b8b1ad0b85dfc76240d0f071a23f5f61cf46a8979778c827176d30a9398cd2bb5710484f317040a9235c9a299bb2a8c3599364c6e200eda71c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c8

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c9

Filesize
67KB

MD5
cc63ec5f8962041727f3a20d6a278329

SHA1
6cbeee84f8f648f6c2484e8934b189ba76eaeb81

SHA256
89a4d1b2e007ac49fc9677d797266268cd031f99aa0766ca2450bff84ac227d1

SHA512
107cf3499a6cf9cdcbfa3ef4c6b4f2cda2472be116f8efa51ff403c624e8001d254be52de7834b2a6ab9f4bcc1a3b19adc0bba8c496e505abbca371ef6c8f877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ca

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000cb

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00015e

Filesize
83KB

MD5
b874ccd04acb6f542fe4617f9ddfe733

SHA1
60c54d8aecafa51668d9bed3b08ae44689eb1ec6

SHA256
38ac4624d5b8551572f29974e36194ee273d9fc05516f30780b4edb2fcca4678

SHA512
9825f2e1197bec03e6daa5f86d702c33a5b5180bc1a9730e977af8979f5850ad15d75ba6d9583da339b1b7c1dc3f74d89cd8e2915413427bacbbf5b483721d89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000162

Filesize
1024KB

MD5
cb1c07de83e8b170e99deb305cdc9fbb

SHA1
8f968bbaaaf2c30e6a0a4c17a7b756266fa2d8d1

SHA256
2a8094bf7623807e0cc7791ca3cb7443015d4d96078277616c4fce18b37cfd7e

SHA512
1d6a699820615b90a6ef3fcdd4ca6f462f9a1a89a47037e78cc43ac690ceb0d9d6a0ec5346c8e1752a955185267171444b459f8a816b2879bffd9373a5105429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000163

Filesize
296KB

MD5
ff7f99a3c352bbf0126f88dc0a848e31

SHA1
03243fcd1fdbb0ef9956cb9d60a3980936bd6157

SHA256
bc00d62e19096ff2ce78d4c0867715766d2830573a2481006882dfe5d16448da

SHA512
fa25218f04da860695e23df8215eef8263b72ca8a6caefc476c9e681d6375c9ebbb6058f65f4b64d6dc0617aa2981c5fe4f7e2460fb374c30156d24775326560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000169

Filesize
258KB

MD5
521f8be8bbd2034c7f983357f1fc0989

SHA1
9aa0a381d56aa1330a2c1c046a6e7ba3a193d380

SHA256
db2c10101c396be8d7d17e45b338369785e33266edf0286771866b788799d671

SHA512
2a08b2f9ccc3b08ebac5deba433da1c7b750984ce63631e91d30e8c89c7cba6ebe16b5f834ab4e4c74fb953898159e85b1892220207861499d23aa132e6863ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000175

Filesize
67KB

MD5
60a30ef624fad5be472ee5d1acd1b2ab

SHA1
5dbb87bbc2e8a6143308e7928536ae778610794a

SHA256
d0ec8a13c2eb6a38d628cd7adaed308116164ceee003f816889b4db1735bfccf

SHA512
315e3ea4d4c6ccf6c14fc509933b01cb77c964b608cb95ce2ee8c331011adaf618e41cf4b8c499c4f6c9e137b88a34caaa7aaa44a69fdabed84df550e178d60a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000197

Filesize
52KB

MD5
bd6536b63decf7f7d7a4d3e9b25dd972

SHA1
b83b20e6626cdc64e9564801ab94f51e9cc4dde4

SHA256
a766401f78ce0b3014fa8836784fb64911cb9d84c3133d39f3a88c75f033ae36

SHA512
9f4089d0a787826ce137eb6e39cbb731bf1880eb884c97ba2340e4a68fe463fa51b1ba4315e03284bbc37a898fdbb585fc2488082e6e8b99d875d7a7174fea71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0001a3

Filesize
301KB

MD5
86370cff8b7b9a87c4d35e18457dabfe

SHA1
e03d0e3ba52bdc21f4d0592e0933495892256207

SHA256
b0534f6cfa603a32044fdb36b55727553d23f8112f734e757e5edcf116f1182f

SHA512
f344f3dcdac9145c3a3aaaa6505e0b1fb2a8fd8cba1e8cf57eb9f9a87703c6415cb771ed055133fa8f93e289266d0b8f4fb966fdb57f85561643f4b36b845b05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0001bd

Filesize
102KB

MD5
9a6fcd6b92005e1e3eb00177ed2cef5a

SHA1
71a18a9849bf8f959e59a974a9ba4a8d07bf2937

SHA256
aaa8df56b4a2c6e65971dddfb5c643b7ab158b037b82b637a05ae744556ee8a1

SHA512
005a5dfd33b5e28b1459f822d61025087fa6a1a8ae7868e64e9fc2f8b67f596d16f427b21953288486b1ecc2df06c8830c76a28fda78c633d462e31726160cea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0001c8

Filesize
165KB

MD5
6e8e546d2a06409200ea3e7fafd5a676

SHA1
d4d2f599ae5a1bf265ce0725aef1a8d94ce961ea

SHA256
eb0a6994f4f7682f908331592bdfc8f760f47210ee8a0a56a64c71546aa6456f

SHA512
b23cb4958ae5bdf0c5916a372e7e60dd3b2a4bc5564ba7543b34b10a8598fb771d0f4310638f5035afc66b664f66d1982b905cb2aef86f29723d34f9fc995aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0001ce

Filesize
22KB

MD5
280d0dffcf08dedc8ce52f25270bf1e8

SHA1
e9566fd9372120a6fb9760a131f8919934954f35

SHA256
ed51e026d37d510820ca0b811d1f774fa8eb13ce09775c5a891853ca072fb58f

SHA512
1dd8a347348a3d211bd8f03c30d7dfcf160d62ade9c354dd9649ef4591c874bd466d864ac0aad454a0b0e01f1149c1c5a95aa365affbd7d81f79558c7ddc39b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0001d2

Filesize
28KB

MD5
564a80f06c5058cd19537375a47d2da5

SHA1
db5220e6e520a2011362bfe82a1be6fdb413cb48

SHA256
230a4ea452bc7ba039775d964e2de8a643a9fce5d9f74c25649a55031151d8ca

SHA512
fd617efe1dd3b9425648ea8ca5c7769c8e81e3f78caee6805b0671ed7681824dd135e90191a1195d5ccb8610b9056a07018483098ba473a507ecd100739d1c32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0001d6

Filesize
20KB

MD5
4b24739c5ce349f1148058c3fddc0237

SHA1
2adabee4da418cfe0263b2f6177eae8377f353d5

SHA256
1690d4123a016bde38123230c6dea716d9f6f8d9bd6d78d4bc02204a5765f4f2

SHA512
4fdabe9a33d0b1f2a1d1cdea42ddca9198158b7f2c2b333908ee30e2787ffcde58fee5bdea456702e3fb5209daf3e19028a14c6eadb0ca94668a7ed1e866d255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0001d7

Filesize
19KB

MD5
f38c8b606cb650373b1c566449a7e659

SHA1
2c8ba870c882aabb5da60d168192eecb56b1785e

SHA256
9b6222ff794fd12f3b7b26354f77669bfd5c9481e91f044ca43a7ad0055ad699

SHA512
e5ca5c9e341c2eafa8f0fdbb57a0c0b78778173eb4e5582d8fa1916ed1c7bd2e7fdea536600c4a1cf0c1d998773d2903cd934c722ab9d7ca0df3170650012ef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0001d8

Filesize
21KB

MD5
779ea2ea11c1cc3fb2ef48954c3ecee0

SHA1
f1db8393735b7e7d641c746b303b6596cdae701d

SHA256
7b108ec13d6202ca0951d2118ef833e5c6f2d5c1343607e1c310a8cf9fc58324

SHA512
60114c26365f43bb609f25563b47ec676d93fd2b6b42c01a30e8ebcf1af318b2a4347ee6337443029c73aea3b2db7a9d247126c65376d7fec98bfcad3fc4677d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00020e

Filesize
29KB

MD5
4f67bddea4a4b56fa44f7cfe3d8e17f6

SHA1
438d0068eea5ebebe51681e9a99f4ea32cfe15e3

SHA256
b12c446b6906a8955e13fba049813b7367342208f2f605e636bae8cbb7c2a847

SHA512
341ad30b36804ec19a0299e99e95ca576474ea85eb853f986f0e8199481e5e5f6826d71ed660f408b0dd7bce3e2d28e873e64799a24c5803247b7ab356a276be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00022f

Filesize
1024KB

MD5
341833de827a89e1db15f551220dbea8

SHA1
0d6e13549b001caf1cc94865b14fd13858ee5d64

SHA256
f69f3411c9fc5bae67fb766d60e5f761ed08930b2b3c809dba8fd6d04b233c44

SHA512
f3aadd519dd6966e9389749b745e97a9178b283d886600e02686d2d77f0a8012da8194cd3ceed697001213b5bbb89e2f34be2a40923bc387826fd89b60c01f6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000230

Filesize
53KB

MD5
dc66903cf29c47e36213393faaaac98a

SHA1
6bfad282d7bf66ca5747309daa97cd02ef30204f

SHA256
42a3c8e6e2e60f07f3d85a387f1460ac104a5010dd589e530dfbeea2251484bc

SHA512
61af2eb82fc36cfe8405a3958e5ee7db03f77817045637478b9d7b12e35098e298424b4230d53e1cb08706759e6a65d3cb16c8da681ac387dd44c7a780c2d8f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000240

Filesize
1024KB

MD5
1bf851d006a9be8f1c5c42304822194a

SHA1
d585ecfa6a0828034f1ed1ab0453437cf781841c

SHA256
af246ee43372090e383fef0b088fa0576209800153790a973cef1d76c5a00c62

SHA512
e9eee088796757032e8d62e1eca02d9ef0cbe88bcb90f60de321e847d5af54f9417f9054c01a2c4df928adbee248b94d34e7b1fe642263b00dd13242553170d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000241

Filesize
63KB

MD5
29d80ae62081e49965e5e22bbee3c8d6

SHA1
4a37cf9c6a93b836c7a2373ff8bf98aabd52cc62

SHA256
939f33c4011821e27b9ca3f404794bbc607ebfd5d2c8a6dfe3046d319f20b047

SHA512
76d441289195461103e96d9a13e1a42945fe09149c17f5de9e68a1cd2e9b00dc073cd9f632d615f45f5cd2808b2b11caecdfe7bbd2892fff90746824d293e5cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000254

Filesize
21KB

MD5
692787d9c4ed62ebcaa48783367cbd9a

SHA1
b8fa5fa8e1bfaef7cef18a76aa0d27d4a33b7dfc

SHA256
e8904951802fb29b8fb38270a3a789420a4113b4f0de729c2b3499ab0688bcb9

SHA512
d8cb607118df732e44a2d7572cfe2ae4f5ebe0dcd90d1b01de79ba7ca618ab77a35f2f5e51780f8cd26b5d9faa57b5332b3ecbf06bd8b4561ebf93743d48134d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00025d

Filesize
739KB

MD5
a5b916da33041ec24d5a29b1316b175a

SHA1
3c74a5afdd4c421a941e80698bbcfc3629d2da52

SHA256
aea03de13cbe1623720770dfc9a4fa415ad8346dd45429a4ec6479e89d2f4ac5

SHA512
6fc11287b4a92b616baa00af4cdc131ebc27e23454c6d671457e619fd33af45ab33cf82560fb7f2b8a97b2155fae85ad0794dcf0f7b0c0a238fec20fd6e81ca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000260

Filesize
933KB

MD5
ab78ec0898b5fc18b262a9e900cb59f4

SHA1
e6eaaab222f3448cad2cabf902c4c8f705bbe334

SHA256
e3cb697a3517067d4874b50a5ee9853b52a502fc08ff02cbdfeb60a695ab47c9

SHA512
e5399a71c59654312356cef698254eb524acd3891770fc92029a8c4a1ec5d2cc1a44a888bea422a11c3fd0749dcb878be647b193dfd55baeb29ff054a12b724b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000274

Filesize
65KB

MD5
06ec612f641573b400fa1227ec3c5635

SHA1
73c447cc9c4b921c5d06eb8c8e6fbaf1245caaf1

SHA256
a4f5a530cfd93395d7ea7235c6d82a2ac25df6dc10785eed93b52514a090779a

SHA512
edc40b66ac5b45907a5cd88de22d00249e300a4441c55b3e9fce730581180930f0e29dabf636a706e8bcc52f756fc02ca4d776692a0d72e56c426c57f1f76c89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00027a

Filesize
1024KB

MD5
51302e77cf4f4ff5b702d02ada1c176d

SHA1
430f4850d1066b9ad325d04ce634f6ad7e2824e4

SHA256
bd3b5024bf6268955e5ca1a4d399260c7d7ee8b075efb8f45c4f1e190978e6cf

SHA512
2f5668fb047671e86368adc82fc698d846d05ed280217bd3f97a6181c3acad96dfeedb3f5b02a3afd1244a36141d3b87fa9e0d568bc21cbdad48a1b8c78379ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00027b

Filesize
208KB

MD5
d51dc2212fb4bfabcf4a2a560fe4d13f

SHA1
a804e2abd3f03457c18881742a6969a027f195cc

SHA256
28ac820c6ed01de823f1704e6e59c0db5ec13ba8ba236947710519ec675c8315

SHA512
f4353e06fc2ff8dda0154118c4b035d19b1256d05e372a4c9f6bb40e6aa77515a88e362a4194ef5371cdc2c547a74bd6eeba0973596ad641479a63d1cb98c8c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00027d

Filesize
813KB

MD5
3e982325ca04ee34b63b755890cc1da2

SHA1
d6c57aa65c3e13b52057a6cd3a93b20aaddf6ad3

SHA256
b7314e37534f31437df5d71e02fc447061fc6f6720190c9264ad6fdbee8043c8

SHA512
283b699cea833d3e1b2ed20da132b63811980fc86a39bbe6e81d26b88df2636850e9ca10fd6d4f52df35da6eff83cc44bde8f2c5b9438cc92507372d1ed14e5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000294

Filesize
1024KB

MD5
f8c589fee9516747379ccf6da1f72e1a

SHA1
08a80a863a9b3fd102b7746446b8449e6c635cad

SHA256
18b5ff13805acd01cf25feb1e0d768787272ef982ddc501c00019e7a8cf4365c

SHA512
506fab630914dd8406ab29fe5eab3d72a821b66a5f4017e63f08254860bd52bb4b5949a7ddc4404153121974060217e955e287bc1b98da70dcdc8af2b0d1874f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000295

Filesize
1024KB

MD5
2ea02a700698f9f24bb30d4f3ab979f3

SHA1
5548e90222e768d19f6a6e7e83afce71ce10ea01

SHA256
e0d57d1047c6ae47eec8b75c80c27751176e27ad0badd1c47a32cdb916978818

SHA512
72634a226a33aab124f8b41e8ad412fc1fd2e844f5d98c0f16b0490e98cd13e361d58b4845d045de205bd6b92475e2e4fbf6b2dd0d4ac764d8dc947ec8f687b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000296

Filesize
1024KB

MD5
1df5f6cac13cb9126d7b395423922f33

SHA1
cfc6aa2d178d9bb82bd94ea2f65bcb623798b833

SHA256
1cdf12e4b0c457d112c14fb4df37611f82e0e217b936b20eeece523ced3ede47

SHA512
0695eeb2e57209d086c67904af25d80a758f9ae10262872f74771ee9fa1029f17e968a7b924d694f8312b73c184c3a51aae6b97550889cc68e0aebf1062ac106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000297

Filesize
471KB

MD5
1a1b1b7280c7d863c321aa8919fe1e71

SHA1
1db68fd1a6fcb3868b106fdc1f6f8101a93ace40

SHA256
01425b4b83dcca9a16c4702c4e6dd2db3a000512b6cd13232ac8cb675175a2d0

SHA512
c32c6de0f8c467187463ac2b7982fb0e0e23784babf45609bdf7bb4038ae817a7d56039cd42d183a6da78d88b95e6cede68890bf43893adb02abd2dc07215cab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
11KB

MD5
584741747a4efd3514bfa9f894b145ec

SHA1
5f6a9636c4782732067e3ed9b9c71652018c391e

SHA256
3809b04036cba9b169a14ecaacd09a1c6fe8e04affd567c61c129cc700d5c2ad

SHA512
c5d17a106499f30d5fbf1821b34ccd92bbf99a41f493428a241e021b30574b983d82bbcdb2c4de94cb53447dec7a46b09adcc981d7a8ff9968c2b2897ab5e4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
16KB

MD5
74e1e435d2f1f35fd8c14da76b9338f8

SHA1
bcb860cfc3185e2b20b84614bfce2128df25937c

SHA256
4425f153db0edaff59ffe2f71e1c090bb6a1af45ba10967e0617a442101f0eb3

SHA512
31ebee4914705525fdba2c26371e1b0bf3cd0eaf9a4418111e1e952356716c9671c720181f5a9873c470ef957f64fa9c164eb106c53674fdc3c91dcc4f7849bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
dc56ee8bd3d33c38424745f135560727

SHA1
5d13a8e680cd034e02d099d316c77ecb3db2c04f

SHA256
80e59443ba94bfa577076e43ff5b3646672e6f8889aaadbb6a66151c4c740acb

SHA512
7de55f52d00f97773acb2db3b2286a004dd371c72d9e323e74db5accff8bcc36dcb605ad54aa0964f166a0c2b3db7e0c0bc9acd6d582b46c5d7fa1572370dbc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
11KB

MD5
f2f3adff91f7b4013c5f1ed68d9008e2

SHA1
7608508fe7808bb87a681141f01a0ee556b9de8e

SHA256
d34a911ad81a819f866d8fa3842df52b6e23b870ba8b5c704bdf90d901c8e8b9

SHA512
ff0d6a49c92dd76145f0ebc8174ba7328d1401d6b59e2fa0e043c236c3befadc72284288d2a58de9c3030b9be62a52e5249034fe1543c37a42a3e9bcacefd019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
16KB

MD5
e646e1db2376ed8fbb617198763fcfa3

SHA1
65370d1969e90efaf164923cbd742ca869143617

SHA256
8b679a06614db587389956254e02f319dd1116bc68f90ce6306e2bc23c6c73bf

SHA512
83b7b6558be214140fa7f684cb4279bb2517b2e045138a0ce9938d1dee14e637b22b25ae4a65854655e6b3d3ff7ae3b3796271ea2e45997b8011bae69d4d30a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
5a7ba718bef28a8f420976ab27d29a22

SHA1
82e545478bf01ccc910ca233c1bfcf1a2856e80b

SHA256
97df4466040d245cd695a8ad3640ea12708cbb39b17b1ee4996bf99a7be74d6b

SHA512
1a59e4fdb6e422d951cb5903e1f4b0928fd0ac1a3dcc71681a55e73f279ce2233ff9c553535a7fffb7e8924fce36cee5458fff182e1e53bfa54630e4d0a58fd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
16KB

MD5
e337f1095b634c7735922284263886a7

SHA1
6e413f261946980cc027d1b2498ec4d04b647bb3

SHA256
561540c850bac0fea6aafd801db74ed0cd71891fa983748bf9f61f46bcdf48f6

SHA512
ba26a30ec900b39f09ad234ebdcd665cf20105dcaa1f69b39960793cca3de6947add977e059890c847c656de074a351cacc00d75c38afbc63c4f085871145d47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
11KB

MD5
1e6f1727af6f45cf3b07d11053d70ae2

SHA1
104fe71a0f2d0d7bacc0e4d3145d91036c51aee4

SHA256
69f25e8e34c553901938043942637c69240bab8739b59e60c000349548352f3c

SHA512
560ab75406c75e2fba2f0aab693cf48b785a9fca0b4eae54c97086b6bda799d5ee452f692e8d6f05dd926e845e6093e794e502f596c8565a5735172cb501e5fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
16KB

MD5
89833c44372175f32439e7187af6fc24

SHA1
942195625527c211c15f313e2da51ee8d2166e69

SHA256
8289b6b9376e4303e32b96b2cff9807bb7bf681a4faab5cb6e8d1b1551c1e018

SHA512
01e3d6192e8d5dac704fe8c267b2efb2ad44bb55b244e7b5143ed4e6693e7ae3a217b1c4070e2ac13e0a437b4704fd2b9b886131d6d2fa0edb29a6b8081ad42f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
16KB

MD5
3735a60b870bb695c1a88f48532e4088

SHA1
a182e7642e711e2b5a239be146428092d07ccd5a

SHA256
5d6764cf7ae9136a267d7928f15490987227f1f645e59074da8e6ccdcba298bd

SHA512
2f493edf8b8ef8ba0ddb68971cac1bbc3be9245df885892153f5d22d5f4dff38223b7f05e2ae1bfce71d006ca3b1d80bfad52ff5108c7a1d67488f37ff06c2cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
16KB

MD5
faa59530c2a62407d98fbb18eb6b4392

SHA1
1a09a88f065bcd4a49ffe0538b97acc4192c8eab

SHA256
f5c7c4e4511ba6f1eb6852e89e7fed9de53572cb2b3b23af8cb80ce2f4fcba5a

SHA512
ec4811a47a17943b691d7d510bb5ccbf7f9ef9a687414a33bfc96b6f5fec36885f8a97b09ecb10ec9826126089fd57c9dde7777421b2d40dccdca4a1dc126879

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
16KB

MD5
45aa3f0a5b82687a3a16f323f3cc41bd

SHA1
acbe595c3bbf664f7a9b7b7c2c187777adfe08b5

SHA256
ebfe4bcf2dc2db19aae43fcc7767fb2d5211ccba93ba409a4488fd4584c108d6

SHA512
afb3bef50bc4a363cbc2c54732f388b7b917f3764b1f871639fa09d366f47a6afd40acca0f8fb05070bfaa83ecba83e11f76d1c96516b99c1bc682083def7e99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
dfc24f722e271e3db5c043b824ca9fe0

SHA1
f8e59b8d3d510a8da3ebd7d875357ede76347610

SHA256
b013d701fdc932e6e1a309d2123e774206b716136b97ebe6fd16cc3d1408256e

SHA512
2158d8deaa8913ea09c02208b4b6f111e96cd803c73d664a3016e57588d487a6d14787d6762e1818da6013b1fb160547b14cd12850f12c59d92acb89e2c897e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
16KB

MD5
79e570c4559f1adbd4c519d817e58f8b

SHA1
e9302690c7fc0d7a81d3ad33cc6f82603b06dd22

SHA256
906de9bfa4437a39620f5af49d302f6f3c4971c61a461695c0e60f07c5bc6f44

SHA512
6f95cf2d1d1fec7f059db787a6cad6ea9813b4f38a8126702889ea8615b4be881dc9fb329a4cc474689b2119cd38240baa397dc39ac37e5795af869e59150a4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
17KB

MD5
90d45325e4451d92ee97f913b6a80118

SHA1
085b2b6baf2370ec8bd7b180e7340bfdc8a6d2c5

SHA256
623b8d27352024ded4c87dc3d1cc8462657e02b3073c040dfc7b49c3dd431adf

SHA512
93a390784d05c4cf73801c5c2234650d7e5808f95eda48da52cf35800ab8eb4251a58d961735b35dd2602db65af5e504d7665ba001cdd9b22c0adf1cdbca3bfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\000003.log

Filesize
33KB

MD5
381b777756e5774b6f6c750208336a1d

SHA1
f232d93bad7cb6452c31577faf92c16ca582609a

SHA256
e2eb6704d5448d41e119c025c7977cddc7b8d63db75f79106e89a8674e71f7f4

SHA512
a03744e3b8a79026fb2cc3a8c11f9c06e0ef0db9f5cd522c028869fb8fa3ca853677d82339ff5750eb5dc45a86da2ed41eba040187dac046fd14424594854cc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\LOG

Filesize
383B

MD5
276e06510d6ae8db5d8f9e22fa58e90e

SHA1
eb095a54a301ee87ce7f2c144d76d1069f2ffd60

SHA256
0c58327579c92e5544ff03fb365e9dab3884d0f296302a2d22bd978146550965

SHA512
7c0ffaa9d7071e5cf097276d27903c2d846c9bd7a24c16f1de876cc6f4d9ea59bc0951c771610b50ca2ff9f425244e1c9e8569b9a8558dac660f9b7a6d3c7163

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\LOG.old

Filesize
343B

MD5
0af76ec2c7921c517c82f4689950f820

SHA1
980bf1d8b5d29d4e2d40407b18be8e37360c8781

SHA256
0fc05c02eb477c92d0b5cef05d06c0a737c7f2103e76c9e27e7a4789952d4de7

SHA512
2e7d9754b096963b85a90690e679c7c9caa7aa7302a756afb59d33eb2e131b69815789a118e7e55ac39d9c258265bce4ee4f03cb28eb784150c5726a825ffd2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_techpp.com_0.indexeddb.leveldb\LOG.old

Filesize
381B

MD5
e38c8a7cde84609bb4ed4b1a1bde53a7

SHA1
67e36b8f10389e6474c653fa1f9e65314335c797

SHA256
dd645016281d1af2fdb5670f27bd7cfaf9eab7b03034f962ccfeacaf8d66d765

SHA512
d295da1326e45bb69a35ca8dffa3555a1c4f47915799086bf3090e620fce56ed612037b25b57521053ab7b7522071bfbb9c2700efadd3e3823bb2867d4f8ca15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_techpp.com_0.indexeddb.leveldb\LOG.old

Filesize
381B

MD5
18bc95b95bd8e135411f311e34b9d5ac

SHA1
c9953882e58f5dbd3e0ef96777d3a8abb6e210b4

SHA256
60dfb0957d084acfef201e1640ea67ec135ea04124ba7780acbe28fde01fd27f

SHA512
e4979ae124b85275088c843ec327f6f964353a1f39db9e9d09e2e115331d2e83cb677906c3c5e08dca57cd9d7d79884bd4c6ebf234817162078b60fde36702b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_techpp.com_0.indexeddb.leveldb\LOG.old

Filesize
381B

MD5
0c33d8d84e9e4ef85beba86e50e499b7

SHA1
ff217ca6c7c67a99a6f010535f5d54d4c173a23c

SHA256
7cc78c7ab52212ff98ccab554f0907781db0ec4571347f5fba6876ba25dd68c5

SHA512
8ef60ea75a9098bc38d0008641644545d138a76f7addc4bbff2fe21af9846c5d574a44de241b225e10147bdb73b6244057e2d20f924896027a94158eb2921973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_techpp.com_0.indexeddb.leveldb\LOG.old

Filesize
381B

MD5
ebd2e03ddeb57913ae1281d487022354

SHA1
ebdb5b7fe3a68e8117ffab987522e1ef6a9a729e

SHA256
62a423c075e77bf7b7ae521b9678c193677afc209baa9708ee080684f2e6c7e8

SHA512
8898439d99e71dd3162272071651918fc39e721a1dfe761ac91a578338b3d80fd23809af7f0259cf877e326466c09c832b968bd0e2edce5fefed056cb70c2a48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_techpp.com_0.indexeddb.leveldb\LOG.old

Filesize
381B

MD5
6cc916793d9b1b7f3320f6be309d984e

SHA1
b7d9a0950f6d0601ebb0c2d1ed12771ac1cc75b0

SHA256
88d5a008b75f4bd60f0e1bc1129318e59a71bdc5fdf47b3409f65568d6664790

SHA512
ebcd46ada8e66cbd0e715c7605f538355648e6ab7eb3935ee5b2c5da4d6165e8b5e8df7056197c2b629a8c06f1d370c48a61558bd1369505a9d51d85bf1f4178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_techpp.com_0.indexeddb.leveldb\LOG.old

Filesize
384B

MD5
2dcfef0eb9af4c0ae1d5fff4535488c6

SHA1
dd2c860d310e7ab68b761ddbab9c0f5532ad9c91

SHA256
f43214d5e3a90c59fa7b531cc9da2da9218a5da28d76121064402fa8fa933c44

SHA512
993547b8e259ae92bcc202999eed40862100a4672d25e783fc733b5ff72a95cea07aab95e97dd07a14895c4369718ddf068368c99a6edf453cf05f4e967ba331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_techpp.com_0.indexeddb.leveldb\LOG.old

Filesize
381B

MD5
c9eb0325c79922f6b78074b7337ae580

SHA1
9c3cf3d0bbfc50e74d6fe912993be4d2c5a46d92

SHA256
63ad027b990eda0f3c2b8e15e27cf9dd69cca85db172978cb6a19dcc2ea91c91

SHA512
f53777e62cc561c46d06b01c2829c544890b117d18d3f924f97bc07ac34032032232183755553376634309c326ecdc5385d99f368fb2311e741adfe9bae9eb85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_techpp.com_0.indexeddb.leveldb\LOG.old

Filesize
381B

MD5
2d0cf9842d7daf63d3ced61209e4a09b

SHA1
c8af1ebc176eafb7d8e3540c553eaf0b6ad77ad7

SHA256
a3520af460b466e381c75703045541e3d5f7dfa5e4c288ac0cee58b88bb30ef1

SHA512
6eadb9af3b9034b4bea2ad3b8672b090a1c10faa5131f42c7d0e851a0e12ae8cf06f9a6685557dc4b718223f2ea5eaa8d9b8af658caf3565acc2a827fa85da65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_techpp.com_0.indexeddb.leveldb\LOG.old

Filesize
381B

MD5
1d5827547aad84a1e7cc02de31269a63

SHA1
6b086c7971faf1ab516c87f50bbb6d7739ec79e5

SHA256
57c1c46a714138aac369a99f93ff2cac61fa2a215914bd046994999db5831390

SHA512
0cf0ca79f97d86483d2bf7be362db2f8a4ceb7d30999882a6204fae80d00d1c7cb6b31f17fbb1a04d23cd0ebacd4696edc868441fd24ae4c35f0caf120d13fc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_techpp.com_0.indexeddb.leveldb\LOG.old~RFe68c9d5.TMP

Filesize
341B

MD5
27e5c6358601a673001d40089700d694

SHA1
0ec466cc487161a86a62db07ec17ce0b6fe6894f

SHA256
c42f9e8d9dfcf0ae0afa16b93a0a3935a37ca0a7697f61064210e3305729ea50

SHA512
fce14cc0f5ef88711e903962a8032e31334eb9a8be9f9a55458fe24bc0218a1cddf78f20305a833a17c12d591d7ea59297bad5405cce20572f34c2797215add9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
79KB

MD5
7a59506ae3cbf01535a9837eb3a9b873

SHA1
ec453ab84cee99dc7aefbc7138c394587267f2cd

SHA256
09d9506278dc147118015bf7c96cee22154a00b45c32d508631ba87d578ee907

SHA512
5b48845b6e09cbb01b6f460f423e2892eb98fcd409711a574f0ca9a1c10c45272f29dff0c85e4052ec799fd5b09b70a1f8cfa726a929b4913a5df4bcaf25d86a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
8fcf2032b344ccc9a4b9d5d4f44a6a1c

SHA1
eb306e79e5b296ff257a47e1d15f890849fdea03

SHA256
2ab8daaeed0584eff38d69793bbb68208d022d7dd6e3f78ac3eb3f5c06675c37

SHA512
37498b5e2c22975d934680af64647c7e389b216d156b442bd0a96a6deed28e481a757e8b784a4e7cf5a629a6bb33f7e07290665f53c6b7bb483d4ac5b3952ec8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
fa395260dba05433722e247b2b3092d3

SHA1
0c43dad94c7103f5de6d35ed94e53688c1114e2e

SHA256
9e4fbb3df50bbb0e987798c28ae2e24d187c546df8d17263520565f34e3d727e

SHA512
8d4b66969edc770457b38d1190d91306afc9246e36f4d94c0946848a877972de7b936b83ef1a97f5473aa078e06fb81e8804aa20ca1527b139d2c2b3e52d0a43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
86fe2e6959988c7449418eb334332b47

SHA1
6bf4f8513e129feee820f19d1516b86f4a2fbf98

SHA256
0c3ae502020c201c4bcb34ad73fa342a98d71389ed63b912414d447447a284d8

SHA512
0fedac7ab0333f9ccfc8f5ea975eba2e96c2eb8400a04040475696a1ff7548280482bbd0de8570609cf6ed4de7fab933028ac8fb98d40d56e49448772189421c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
84KB

MD5
bcccafc42d9f677232048812a73ecd0f

SHA1
951bee98566b2b054986eaca2dcb69b3a826843f

SHA256
976df5107f2a316bae8b29efe17ffeae01b78e646012e15d20522a34635cb7b8

SHA512
509be463b50ab79aa71d5cfadaa37cf3f709398887faebb9b4eec27eef1a52bb87a363fa129a7d4ff85d35f0b9d021db2e07b431509ca1e96befedb7caa48f84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
87KB

MD5
4bd74781bae3c015c063fea019832311

SHA1
e9ae2dcd387b39e5b32c1edca39359c9b1225384

SHA256
072eac9532d2b81a84104413d7996f2cccfdfc4851060440c72a385efbfa86b0

SHA512
3cb7a337d53e596af4a8381fddaf9b9b4ecae2fbddd9fdb3e2709470caf2aeb62b400b236f6ecab386c20d0f579fb0ad86877f234c9a2dbea5d384cf43179323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
45KB

MD5
3acef45ff37f55105b76b4ae68954320

SHA1
d6a7512b156420a8b6173714f843eddf90335cb8

SHA256
35a13d4dfd88b9277da2891d2ffddc07cb9e1e81810ff3024a7c9524ffd4671c

SHA512
6ec9c38d998e2f8c11b8c9c869a203107c24384d73aba7c8bfa99a0aa57289978cdb80b8aca3de6ca73cdefbb0a80e738d6d8056e92a6eb7ade3c2d11ca1d9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
79KB

MD5
267d59741ea958a02c2489e28bc047cc

SHA1
ec2d19e0eeb97bdab5d3b53e85bcbf861ad1ea8d

SHA256
21ea3d476bbf895891124e0a093fe0184a45d5df6f7d5601de141c6d574aca63

SHA512
47de9f20fc5b7056aafc54ed70db3fc6dd0a254bc052741681492e7561d567332963b8f866e198a5dfcaeaf02ac54eee79ccae9a0f818a832fe0ccbf6acea2c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
37KB

MD5
a2734c92faac0ce566f5975b6507638e

SHA1
29460b04fb513b34c30529325660188cb5a548fd

SHA256
c29efb873d0259018f6b295776951910bd76722645c13b446718f3dca502db75

SHA512
9c99da0593d6cc1e1e559f020e722ee57beadd9e46ff5f9ad90a07f0753f443a325cf4fcc33679e89ceec57c573546f9b71b3b33cc4f189f4f5868aeeb22522b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
67KB

MD5
bfb7bae8dd4c5d1cb3a9dcec52c20424

SHA1
7c4a28bc72305ab9c43d45c6d8e8164eb6db2b0a

SHA256
71b46ca934c01f53c7c750fd47c9408793efb737820422ce53380e615e271b24

SHA512
250428f346e78ce34e4b3b92165ea1c391ba504a7ca00c0c023c59f10a9e6abca9e1d702ed2c7c29d93e7a90a99381cfbc3564039f4a43195514112cee37307a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
82KB

MD5
49ac176096ba5a762f0d45d368a4705d

SHA1
bed73de5d929ae2320e33faa47a771e67cf16c47

SHA256
1f8715916768d5c59f36c5c6e3209846c930fcd76f40aae00a9208cc24a03a9b

SHA512
6514528b0b1d1b4b12499b0b461c5138910ef3cf162edfd481da6620d27ef1ccb8f8cc3856cc2914345f41eb94581942ef8cbc8d0c7cd1618620fa139868495a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
10769f941c05512de5c8b3e3daf85919

SHA1
9cac63930cea88bbc3f885af5a3009bb657c64c6

SHA256
6895efec703ee791ccde35eb787d15d7710d8295ed9ba02b4c212b00f589e4ad

SHA512
edfa770ec440389854f5cbb3e1724a8705a0bab9c380aaa2481560b20bea390b9fe09c461fe6550846ea062ed8adb2b745603cea8594f319250344ff5c29b220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
c6506bdbbe9541ef2a7e7918b8236fba

SHA1
62ad936bb63d594524372bd063b21882e2400b91

SHA256
fa7f2be931a1bb34ca055aad9afa64244e9664945f0967e6f26c9fff0fd8d765

SHA512
a3230b1723f0e59f6725b7ea1b599b4aedd4c79d99662b7b7cbbcc6fb8701972fd62318cbf45e4eb553535fa6638c019645817f8c0d2602e333207be7006dfc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
15KB

MD5
128ddce71c6003dcba1611bce56c999f

SHA1
37ffdcd6773d31e96407cc11db7899e08fb2c399

SHA256
7bacd8d1837a5edc813724145e8d2e4919c5d31ea4bad8e55bcbf688f4c63fac

SHA512
aca6127f943dd6caae6695b858e15a742a7cf38cd1133be6cfcba6ad174c2dbd8647a202f35e6f6175279365fc14462b8e552b6f26b3ecfa5818ba040749906b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RFe6e2df6.TMP

Filesize
1KB

MD5
579f7371870275d41af93e713f012a59

SHA1
9b673a77a070ae6e34a5a40533db6e01a3ec3cde

SHA256
aa525cdc9180400cecc3d2da592c4f8ebf17951c0c6b399d3c3abffe0882e225

SHA512
eba4516aba4c5027f08511a3aad267c6a4f2e896be6e148c16b146cac0c03ae04be6c3ad5ed4a85b806bfac3852b6c9ed6a1817c688477fab7a7c07b5fc71488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
7856e4978689d42ed4735c6c711c354a

SHA1
11ea39c10d37b395cf76a6a6a24bb7af6459f582

SHA256
8f68b0b66996958096fbe7d5f104758e2b54fcf43dd6170b1fcede4e4921b8c0

SHA512
0adb4d94c7aeb8725c829193661a566d6d588348aefccef7674d8cae6208a179fab016d56872651d8e65b65a0d466fd87fdeed3157169f2c7e0b76cb2c6ce685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
416KB

MD5
b506e1a3823fed2f50cdad74ad941a0b

SHA1
7a7901f08ffbe5c60f00bf3d67d4181c9b8d7d5b

SHA256
572e21122d5dd2c43721f0a8154bc8716cc7311582789b5b578a16e0e9af797d

SHA512
6e86bdabe792a326a3a101136a96a4b94116ecba011ba47f2f11e4a7da14f8c72c0f06e0c473e55b21db1b1cf9e5b5aee1b6f6357e8876126750a18ef909e473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
78d958e528730d14fb0067618207fe1b

SHA1
225ebbbf92d0f6a1c33568c96572bac4d99aebc8

SHA256
b32f81d842abc257489af2a6cc914a971d6084e0ad038cc8c2bb10ebfeae9f54

SHA512
5e6d3c800f4f271d617b2fdbd903377f37a70f1670ed808bde6c0a54026ab14d1960274df9d8b15ff675a26ad646666f718c74b9f445d6e4a70f97d7c0cae866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
7aedcba08f4709b8c84baccdd186966a

SHA1
5f1ca1ae6f9363a170a82dcad1b4b5715bb3a404

SHA256
8c268ff1dcee1aba3563f973bbf5e9fe11bea1911828b52e855dfe05f0e80706

SHA512
b81f45df51165072e5fc990ec5fc3d8c63ae4dea94e8f78a43d6e829040e78913e58e66e828fa11299ed159ab6271a9f34746f4759c53e97bff61254e10d652a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
c3d286c4226f43d97cd3115a9ec072b5

SHA1
15fa933525e48cff5344487014c788cbd098f843

SHA256
beca86e0b6019decb545cfa5357a8ad83591d0255bf4905981da9c582c37620d

SHA512
80af44c54e2590eb2b1e54104c2f2957f4e6f3e6f7f82e34435818a2a190e9df14c85b2349fdb50d3489d13dc9587782bd810ab5dfbc74ef78dd3f1fcf29a410

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
b0c419abf9342671a70b3f19e3bb09ab

SHA1
17868fab88568f6de1af6e0085d672baa00a094f

SHA256
8a7df731e01300c1c8a008f1fcb3e6873923c453af8d21bf49cb36f716c01868

SHA512
530cbdc0facaddd0b5b5e701a0605679451e7b4226472b754ae0a8814e7888b121ddedfd0fbab02f754ec752cc772610a61e32a74f4f1a2bf76f58896a8affb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
414KB

MD5
e08d01ddd5809c2b5a304346ba024a63

SHA1
667fd87eeca4242186f137004f208472d2e00ecf

SHA256
6aa548b02f25e95c516eeb1d571ac635e6e79615b5952ac3d0f74887f487a153

SHA512
ebe78e18268d6915edd7b4165c24516cfc409f64e464f0ced6596b0c0826566244749b0fcbd4920be67740ca693cf356d391097df3b9bbcf62f6e69159e1db95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
af86f95bc1b217ebda3ee827ffe8eedf

SHA1
5f74be697544b4bf09fc3b7ba771680b3c2ea6b2

SHA256
a6eeabb2f590037e90bfd8af63f46d672ecb3f2bb6d441ad3e6d8c624d41747b

SHA512
6bab6e111932245521d1b86bc8f43bea1274be88342304a742ab98369cf65851a5a0d87d81ae87ad55dcbf0d3fdbc0208cf42c4a57356350393cf02e3da63d01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\26eb5cfa-a3dd-464e-b2e9-3b32e95eb1bf\index-dir\the-real-index

Filesize
96B

MD5
ac06e20298bc8d22f951258a433d262d

SHA1
972ba6d8cc95d0298ec7a1bb3f35eb412be3ebc5

SHA256
bdfc2833239c8bab9f0951d65c4664e747735b9afb294f5fbcb596f2ba01a1e1

SHA512
042159a4b45dadc8f3bc6dcb8cf957636737fc3bf2212954c1994fc5f85fffba03e22e4c6250a9bfb51eb25e36141bef40a4e0578f87606716392d131509f3f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\26eb5cfa-a3dd-464e-b2e9-3b32e95eb1bf\index-dir\the-real-index

Filesize
120B

MD5
22a6bdd943e100b662993ea2f5c4eb8e

SHA1
2db7a447e092dc2947dbd9958ba6499c471aea26

SHA256
7d20529947a61cc01e9133bb3745f1bf4a98a3910e7d2eac01233f18132676f7

SHA512
6ad277694fcfdcbfa0072cc215008ebc8c3da348ebe45afbae16dbd1b96b7df89dd86e92b7bf109679971b35eb6bea6b7cf4b9f2d82398945e973e923bc747b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\26eb5cfa-a3dd-464e-b2e9-3b32e95eb1bf\index-dir\the-real-index~RFe580b65.TMP

Filesize
48B

MD5
4dcdd4468b59b3beb9b4096c3c32758b

SHA1
14208232f3735b2ed9e8d0976b1e0a6fa3569c7a

SHA256
00e0f2724495c4d62c096c334ed92aaf3e9cca6c2d961c8f43995b0407d89b66

SHA512
148a034bbf330f2b7d22f517c2577504771a26c4dbe73a63ab6497ecfc07d52f814a004505156963b95375ea97457ed6cb581b41470d4242ea6e474ca1959f4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\37dcb1fb-1fb2-49cf-8d91-6f59c13bf972\ee91b116cc2005be_0

Filesize
57KB

MD5
41a0e27d027a3c8d9746507c999502a4

SHA1
25b2e4074c71da22e3c444c24098f857c9d7c1c6

SHA256
687ee55a1c5d5da0a1515352bd37ae55cc8779fc9fa139772d899fdaff06d90c

SHA512
0971118e2f49e1fd330f286b3843e08b20f369457b322e3ff0abaf351ff3467e1aa3cdb461bf4ac6210adff65e84987bed49c133695a8e586fe623ce6ba33824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\37dcb1fb-1fb2-49cf-8d91-6f59c13bf972\index-dir\the-real-index

Filesize
72B

MD5
8f17c34a486cd5b3a5a29efb5c736a84

SHA1
8d0d3c81ab5e713cd9386e06906065fc9fda932f

SHA256
642a32f77b9bfca1c010a22130bfacaad16faf8c409e5fd69f03373d46b3df2a

SHA512
24d34e5f75c3b15a4d5f55baafb0b7a1ec23db4cd7152d11f7b2d5ea5594986c47836997eea36cd5a41c22a0a5ed6c6143084275931046e7aff13aa2cb80968f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\37dcb1fb-1fb2-49cf-8d91-6f59c13bf972\index-dir\the-real-index

Filesize
72B

MD5
6dbb3cb004c2a7d57bf2098cec026fce

SHA1
5ce0330eb1436174497c10105961ff61a36a36d4

SHA256
aeb8eaf805a3fecaa65f294859da1aa1bc801ff34f8a4424f2d1ddfc273e2b98

SHA512
ee67602087ea5f13fd7157326f581d7b68e227c418088f876ab5a230092288cdbda2e7c850c9f8cb7566bb759176e79a47cdab5416ecf73ff172e9a5976919df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\37dcb1fb-1fb2-49cf-8d91-6f59c13bf972\index-dir\the-real-index~RFe57e3a9.TMP

Filesize
72B

MD5
18ef64e2828613d09d05a75d6b982d39

SHA1
87fade14d308b478decb24bbc363f137f0d7f81f

SHA256
671d3f8052c378fee31dfc6dcd6c689e1175e6ee6a8399497074e08914a7e051

SHA512
d244102e935bcc7cbca394c797678088c7ed17500a72cb9f7987046f25dbed123eb2f8cb72a45287e93b1163796f2ea44fb75ed36b5dec407dcacb702842c02d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6be0ea5b-0c11-4491-8571-7ff62c7ad5ee\index-dir\the-real-index

Filesize
2KB

MD5
b553ae471b655def12cfe456b587731c

SHA1
60fb4ac5071f427f4517e2b92d150d62f095f071

SHA256
f4614c8e47f5f20759cbfb21e5ee5570b1f4f9da05fb311065fff68f086e36ef

SHA512
ee022cae033de4070b0ee509c07ab89feaba0f57b06245dae9d8a9c73499d813eea879b3979c17278300061b42dc0bfa3f9a24b81085b723ed9005b6ce23d405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6be0ea5b-0c11-4491-8571-7ff62c7ad5ee\index-dir\the-real-index~RFe57f712.TMP

Filesize
2KB

MD5
c781bb46204bdc4e0c4b71d7fe4ddd6e

SHA1
e8207d29cd426c678e9ab4c43705243bbc8986cb

SHA256
1fd887efa8f30e2f6c3dcd17775f6030b3bcb897abc80d1ddcc9c6d3db362534

SHA512
8e7af9d846c24728274e8bdc5f47f018a1bbc7f692e8dabdfbdbbf526e2af6f475009d4bb217ac342c496d61d946055112cf904e7bd412cca128de06d290aae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f9fd1bd4-3821-4fd8-ac64-8914ddd027c2\170ce29fd1bcbf73_0

Filesize
57KB

MD5
a2185be2d1b6e94dadc56cf514a0694f

SHA1
fa9e2d7e8a42a11322171b1c8e86f18d876c4498

SHA256
5aebc97e44932ae981b1b678b2c044e5edcace33328d0c790b0542773984caaf

SHA512
aa09043fe478a5c83db4c98532575bd3cbafd9ded49596d9f35a8bf56e5549e027fdd1d05e2a186093d0c8e9ef7ae3e92ca63983982bac8f6b897e7518c00b60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f9fd1bd4-3821-4fd8-ac64-8914ddd027c2\index-dir\the-real-index

Filesize
72B

MD5
cd82e835337cfa8798454613a095d59e

SHA1
adc9fa4f4fa103104c49ab577fb393f60975369f

SHA256
7ef43c03a4372e9bbf09dfec40593b9c6b9c5a3932a272576198f5a4cc2e1c5e

SHA512
cf5e00b01d2fc7ec7828c4788935c2769df83f033115ac49ff66af88c8be3ba522e3848513a7c2fac506ece2cde2faa7fcaacf1ea12b23eb42ccbdb469b731aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f9fd1bd4-3821-4fd8-ac64-8914ddd027c2\index-dir\the-real-index

Filesize
72B

MD5
470cf1eecf06fe9acf59ffcb874b41a2

SHA1
3b17b47fae45f7c3065d498fe0b022b229f0df3c

SHA256
435922013bedd52821361ebb02ddf94323efc86f0ecb6f69e5238b38d354e665

SHA512
63f88119b5263525e692ea78596cb47e5d07bf0a254ac3dbdc37847b140ec5e05bf1898e2baaea59c5ec0708f346d735c2469d697c2105ced5210bc9c6fb8634

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
d2ce91d7d5c25eaf4df645536a364af3

SHA1
b0daf046b30cf5985f2fa672ca8592b15c360dce

SHA256
cfbfca5300072d9a3d9b2ebfc826e21308b00f2dbffb5efe4de12a85706c11d7

SHA512
25855b9ead6bfff704842c70a2b1ee2489ad6ca41ef6ee6a26d864307407987269fc761c2d6bee7dac8576ad0d2e0a910396f8a51505166950e616bdfe0a8118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
327B

MD5
aae872d19ec784393218e614641a1704

SHA1
f47936db3573f4021d061bfd5c639271d218c543

SHA256
8830ad8b2ba9aefebb51e14a18f4ac0dc67091dd3e4d4ed20d29ee4db715d347

SHA512
bb902f546e57ef9d6efc3216d3fde1add4eee7d5c6d17eaf4e39834ca68553595af218897c3c95f8dd2a67d1e0b7500f4f4710bbb46a62b953855cf7d33bdb1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
0f9d38cce152affdab6382db3db1a0b2

SHA1
5dcd3e5ae0d711c2a9461f60e7e3d31feecd3aef

SHA256
b18e3ae57a511c94bd9d926fb5888c820f7d1d85f35626ed514b3bc5a375f4ea

SHA512
cc0c30e19214ae48d32e0806aa1003bccc136f03b7617214d82a7eb87a7061bc5ca1099e21c6d81d63794c5c1e266fa90314a1fea3f81702b5a6b1877c9b267d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f56bfb986dc43b7d725c421f76f49d3c8fb9acfd\index.txt

Filesize
192B

MD5
82f81f4d8969ab85ecf17e48d4ad45a7

SHA1
9a161362ed5ade7ccc0031874a86b8b8c172952e

SHA256
4307db6fde64f1b4517d08f41e8cba15844da8df0a3388f95be59c828465efad

SHA512
59bc3eb8ff295b21aff3eecab00376866687009a5776c4b30182f4894e6924f1a8b42f924f3d766024b142d621771acaff60506a30cb4bf78a2e6fc43e842d16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f56bfb986dc43b7d725c421f76f49d3c8fb9acfd\index.txt

Filesize
185B

MD5
c80fa52a3a83c05eef4fd45b18ae87b2

SHA1
d3612ec21b3b3e79affd2084a10181e7d82f806e

SHA256
388174ead7a8dd2727ebaf5e8357cdd51ed3507221a6e7ee8025ceda8f394a3c

SHA512
4c9424a20d45f02b498d2b78ce8ac94941df4d2872a3f8e811a7eb5d8a2e518ebe6dd748fceaa244b5c4b73f0fabeb0d7c3b7ecb86b03ccf9c190e3e226f0880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f56bfb986dc43b7d725c421f76f49d3c8fb9acfd\index.txt~RFe65487e.TMP

Filesize
126B

MD5
23339801bddee81571379acd946699f1

SHA1
3a84bc7422c7c4c818e02b3ede84aa2dd985b1a8

SHA256
7d2a7a879acfab98c40660f35b7a985f88cc560f9ef4b61a8ffc722ed727b1f8

SHA512
369346d13a2756e43628f72e747fa61e88647c96018a80cabe9d03fe83ce237d4c013d1d2a5597d222826cb690fe0b22f775ab08ec3d95eb56ffb8420f1adab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

Filesize
116KB

MD5
c026f53374a8964d0d2cad508020bcb0

SHA1
93f9d21e47411c5174cd29770b938f580bdd11b2

SHA256
94a25dc4fdc52d154bf77355a18dbe3befbc6377b2f9ab2b2d7f30345bee1ee8

SHA512
dc8c56d2967905b30abf4743812e41b006261c25b725a1cd66ea9b435787de9e3920a600c3dda7219158da386f97113f14790f772a05cfe5b1a004b36f81d9a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
86a91adf52f8c60784e2b3aa8d5266d2

SHA1
dffc70e980edcb6b29d8abfcc75d7f363d7344f3

SHA256
7d5dd3e40f9eb1fcef1350fc6c65552ec2dd967c69da9825b98f1319634151ac

SHA512
2ebd3d0ae0eee2c17ba79bacd51845825375a0952dba93a4b34689e6b971258a84fb6c2fcd7959ad727d6e6419785d872eb3b44dc9ad6658f62f4ed3b0010099

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
a91c09fd20830da00943ff7c01dc3b65

SHA1
a9ad1367b3f989b936cdd14c3692abddb59f5c4a

SHA256
128768fb86fb9fb2b698a4cefab7f79bb03c088ac07b9cd0f38aa207104ab9c2

SHA512
21db8e9edbb8dbd2a0d8cc0c21e9c8a0dc4cb47a819c1291bed030bed75c68b9d5dceeb74e68875e9b75994e40c681b1d5e16fc99d8703e3580e8e4e46a44c6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
104bbe2ed1724bbc1aa2e5b6bb71420d

SHA1
2fa9dab663498b72d58f72d54dd50e3e414e2409

SHA256
8647f90da333df71e820aef43b4d51d72536d9a27bd7b4b7e718ff69a20a65be

SHA512
96180d300066285ad6279bc9fc1985cb2abea6ecb063b040d0b2a709d2ebfa0986fe058b00753cbfd13124dea5d5b9165f05432bd4336d64ad83e520d3b8db2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
168B

MD5
dc531bf766943dc1dbc8426006a12158

SHA1
db1348d91441f3e1cad38a4e8b93e55f910f1aab

SHA256
97bc7c7feb3a77e60db76760be188560453ef21b0977a0c571d85899818be621

SHA512
3a79873d54e29cf2e5f52d430dac5c08bc21da8c5b633084b0e8c87021a2ebaf4d5b56329e24d294615193d5d3938534363ef0ecd7675bb2a1ae6ad227a4e5b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
c4914643e431bd74c6e09badc6fef66f

SHA1
51310d360300b25a68de470f3d3674af8436b833

SHA256
54c8d5b4f0bda2a70871ac03beb27ac0486045f3e78cb027a705b02c9996acbd

SHA512
df64c8405cfed022d999b23b3e30ee35b130bb8ccb56eba31bfa75b9e98eba60e5f1d629dd8a092721d5a084eecba8d517b85c881e7f6fc97b467367346bb41b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f2bc.TMP

Filesize
72B

MD5
55e5a395151e6acb366a192bf39ca28e

SHA1
7af0771369b997a1bcdf92a12afd90f4f990fdd9

SHA256
9dff3a0b28344c6fcbc867a0f4c5fe5bed8ab9256596722b128a56345b48b8d1

SHA512
03dee97608bcb7ad447cfc73393b66f61d1777a3fed4bfe6049094e20f3824bf96bba78613eb0aca0da68687e21ab1f74e747646adea6239ece13b8831c62690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
23KB

MD5
7d64d43d348e4edf04ae837824c6f0ca

SHA1
cf71d9fba0da291f7b939df5b9867ca386b701c8

SHA256
bc6c97ef033f7ed5313a82f14b63f517461e1347a845b9dc5d20a10432917ace

SHA512
151ce957b40e496a49affc27f11da2ca5b99e17be0f169b2b29b96549f1150d2d899250ae7ef962711c96dc14afd9b580f55a905c32f318f1d73b7937a19f1ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
77cb775e9c617c20115e226139ac0b56

SHA1
fae707f262dd6d4520cfee2b6b8126e60c12fbe9

SHA256
d94241db0a865b6215dfa26bf89317150fbc89e1b5ef355c2b0ad1d8ec055a56

SHA512
40b026ba2bc971f1478f539438d34282c6cea201bc9536744696894b35baf7e3a74e82a668ae553f8bae2b9aca0a672011681178dea7b8cdcc6d2a77d5518204

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
154feb3b3be4a12930301bb7e686202d

SHA1
959156fca284ae20a97b6c8d99f8dd03608f4195

SHA256
ea8ab1797d92ebbd7600f8f46603f7e1be31c24ebbc1e4a0f2c553bfaa12bb32

SHA512
37985ef5a41cc54fa0e0452275c7369fcbcef53cfa7d1c1fefd9e08fac5e8dda1df520be6b23fb34ca34221deb75bac05d16e6a65bc00afb3e0b82570c143f01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
e876c18c431947d1e10cd4849eac1728

SHA1
e85841cf9cdba936ad9258c21183dd9cf4757aaf

SHA256
fa352932805c1fe4e6b93c2c98726ef9e741bc750dc70d0fac50409eb334cd23

SHA512
a6f437544aa6c988b19ed5d69ca87c9990c681d5eb06509402fb237b0b85c61439ba71522e8867f9203d3a953e502f257bbcb536a00d58c3894dfbc3114daead

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.31.0\edge_checkout_page_validator.js

Filesize
1.1MB

MD5
0e3ea2aa2bc4484c8aebb7e348d8e680

SHA1
55f802e1a00a6988236882ae02f455648ab54114

SHA256
25ffb085e470aa7214bf40777794de05bf2bb53254244a4c3a3025f40ce4cef7

SHA512
45b31d42be032766f5c275568723a170bb6bbf522f123a5fdc47e0c6f76933d2d3e14487668e772488847096c5e6a1f33920f1ee97bc586319a9005bacd65428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\buynow_driver.js

Filesize
2KB

MD5
412352a121a62092628029e9b30158d8

SHA1
0021445df04bcd60cd83b670ce1863c42f1f4c11

SHA256
87339a1e25ccbbf120f294fd60333e292e1d631e785a9b205ed5beb0128c214f

SHA512
ffd266f1161ab996f38a6d0723e2cf96840b500cf2aa360f48b7953d448a5cd3a2fffa666d9be9c89dc4495497d5016f1199e6419a82bdf18fc99b8a8a4eb596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-checkout-eligible-sites.json

Filesize
23KB

MD5
16d41ebc643fd34addf3704a3be1acdd

SHA1
b7fadc8afa56fbf4026b8c176112632c63be58a0

SHA256
b962497993e2cd24039474bc84be430f8f6e6ab0f52010e90351dc3ff259336c

SHA512
8d58aa30613a2376ccc729278d166a9b3ec87eca95544b9dec1ee9300e7dd987326ea42d05dca3f1cc08186685f2fdaf53c24fd2b756c1ed9f2b46436689dc74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-notification-config.json

Filesize
804B

MD5
4cdefd9eb040c2755db20aa8ea5ee8f7

SHA1
f649fcd1c12c26fb90906c4c2ec0a9127af275f4

SHA256
bb26ce6fe9416918e9f92fcc4a6fe8a641eceea54985356637991cf6d768f9fd

SHA512
7e23b91eab88c472eec664f7254c5513fc5de78e2e0151b0bcc86c3cd0bf2cb5d8bb0345d27afdd9f8fcb10be96feaa753f09e301fa92b8d76f4300600577209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-stable.json

Filesize
81KB

MD5
2e7d07dadfdac9adcabe5600fe21e3be

SHA1
d4601f65c6aa995132f4fce7b3854add5e7996a7

SHA256
56090563e8867339f38c025eafb152ffe40b9cfa53f2560c6f8d455511a2346a

SHA512
5cd1c818253e75cc02fccec46aeb34aeff95ea202aa48d4de527f4558c00e69e4cfd74d5cacfcf1bcd705fe6ff5287a74612ee69b5cc75f9428acfbdb4010593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-tokenization-config.json

Filesize
34KB

MD5
ae3bd0f89f8a8cdeb1ea6eea1636cbdd

SHA1
1801bc211e260ba8f8099727ea820ecf636c684a

SHA256
0088d5ebd8360ad66bd7bcc80b9754939775d4118cb7605fc1f514c707f0e20d

SHA512
69aff97091813d9d400bb332426c36e6b133a4b571b521e8fb6ad1a2b8124a3c5da8f3a9c52b8840152cf7adbd2ac653102aa2210632aa64b129cf7704d5b4fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\wallet_donation_driver.js

Filesize
1KB

MD5
03abcce3f9828372d9876aa2e6fcdbb0

SHA1
cf5834e1af5f7143e62a29ae0f7ede79178b3574

SHA256
39a63d56be4f1ca950310f385e8a42f7bc2dcc0e49fefff306176182bfa4f0e5

SHA512
ef9b7decb4cfee3961006ea5c77299a48fe6a667475772f2a78e93bd4f691dc4700f8008138c574898fdcd8d717d84b8b201527ddb5a61346e05d362aeb15701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
36ddce20f29b9f4a7ba14894cd7f07de

SHA1
d9c66977a7ef2c811ebdc9e5925624ea5f4304f4

SHA256
48a61ca7956473283f53b6c56ed01f4119109b67831a6855b973007f32146e7b

SHA512
e0674caa382713db6025c2a5e0054f0825ba4d3756c0afd25aacff180f4508381316fb916b5b1f090f88bb448db2b6d6b7311f88d81ec3cea02c5f69c308ce1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
83c21dd7deaf6f3afabcf70c2a374325

SHA1
e196ee18f556875d0d86bc26ddefc4e1fbbc0e95

SHA256
75ef14ab03637ddd2c564f29d27d7cec86516dc64d5f0d1f9d2e7439efa801a8

SHA512
79e20e9433a142628c7dc93bc3568a4ee4952e2be4ec124b325acfefe7a4d724b1e6f47a5ffe468d3cf4d9dfcaf646ba53d7d1ea35921ee3860bb22c37b17896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
d606fb8b6bd9793f52c2fa11cc0b294d

SHA1
480e59d56423437a8a6a53c23e484df184719f77

SHA256
b180f18f894d329ee5d62584fa8d1702ac6985c7930bd9793f85b030ffaa587a

SHA512
bd046f09310251c33eae06d783654409ce69210aeb33c510592f68daf337213f2f2cd35bdeeb45f28c78d9e530980691c8bf9440c5d68386002c2a763a8e278c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
d49f52a66a42f9caeb47d1e8f02556d5

SHA1
1a91101e09ea170a8a8507314a664a03e300893f

SHA256
9cf55a1f8238cfb30970795196d804387697b83157c98af95a61b2218c383301

SHA512
f3c382bae9faf46e84f03fb2cec01328b1f42c4a7a89c69dbc54d8660dd80db977c3c406180f9d53a448c96e7c3755da2c76a3b8666e7041cd1af3f370b71e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
f247f06f743e9f21c0b0032eec9a901d

SHA1
6eb6d632492682bd5a3e2774e4bd9651b9858871

SHA256
f364b2d6ad19760d400c91e8f14af9960d31df51aaa29e68ee1e0297dd69748c

SHA512
d346dfdb77d74fefbc4b068a263e33cb471c46fc57779c3eeb237f53b8cab5fe71e419286295d7713c1160d0458a6ccb0f10a19b13ea79ecd6e20d0806e0a67f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
f57df087d1a372a54995b4cfacf0f890

SHA1
f5973354c9c48820ec68363e5966c87e6a8c5ca3

SHA256
edf69751f20d4cbdda3254bb84bc0ba79e5a073d2799414c74493b5cb68c6ec6

SHA512
dfc134d9dcf1f3d3a05d061f3f03c8bf12566dea694774e6085e3996c5293ef5bc0cf1c31f3a5b1178d05e49a0c743056856db2bcc5d5e88af99d72b860e2f43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
225d9b66837e28c35a24c105765827cd

SHA1
7e51a278888cae00d18af43f75cb69cc41167bd1

SHA256
728449b253d8a8f3ce27b4b4fefd5d7bb7124d736ad91ebab714214f3f6b21ed

SHA512
c70d4aff90c1be34a9cdd5dc2fe463d9d8e3762fd7ed59781c5f41f82dbd6363d1c623680e2fd7d85651d9cc22a6c8fe2c2bb3612ad515808d899f9f4e4393cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
1075190323a60baf49e2f63377e04c0e

SHA1
1cb892c6c7f8afef1687f60bb8ba39a5ece38232

SHA256
cfdc2587d8de8bf86f23d89d3800b4b7336ba544380cff35e479cc8cd65e8d4c

SHA512
4a1f4837328117f48bb3075097b7f8fce7ce32d0e177c9f13ac3136e6364f6926248886c532b4a96fb012c827b4349ed003d11889b7433bd87865ae233a6adc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
bb77287325928e8b5233584412e7ff21

SHA1
f76b4faa020d4d0185b5c51aa746941408890d68

SHA256
e8ffa99630e9d0218fd059229e25fe7029b6494b507b854ed877201091383388

SHA512
20fa3f2930af6f2dbc94b39af1916adae0f9bfbf3e3a80392c46d6124a099378d1e3a2983a99c85af6acafe00242daec4bdc86fd6f4496c9735d21d5e8143b05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
d4d6d19d0942c74f5bb97815bf7aa89e

SHA1
504253d4e42566f8c605e90643271a024b238575

SHA256
78c527fb35447908538015505dc3a47f89fe8c4d0bf134565fda4bf2bb4fbe89

SHA512
b6509e79b0699bb7a6349f78ddc1f4f91c59ce594ac90d3a838d12c760c7d72ac80bc327790dc6e37e24bb3b1a70e89b812a09afa26b1ce6548e035f8f28d21b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
6293c2f1309d44892d4f246266e1a861

SHA1
0d200408d81685874d0d0159c2d5fb08ce8d95ce

SHA256
38c11cc2d64afd69856bafc31d269e6f67f2dc64604ac35fc46898891453248b

SHA512
390089977d13c00d54c30ac293cc112a67ca30bc97d99240ca20da0b0ac2e623907a6b1d79f30f4fed9f14275519e7bfde8cf432dcd4744f522637e1b9d799e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
66746ca26b9ab6dae7e9fa6e95db645f

SHA1
6cc2b22052c47aed7ec48fb725ad9ac3a2e6bac1

SHA256
c5ef47d7f1cc90d51e45ac08bc8a1ea384d001f75e7e2c906580e09977925ff0

SHA512
46abe0b2f7190545f9c884ff0249458a101355e1b07dfd48e58a71ecd6f4ad36ff3b79ab7af9266bce359b42676ab66a63c4a863e60742161f5d58ca7689051b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
261d0657547dfa874198e37b8412f721

SHA1
bfb46dbf0af6a1124eeec95acdf42850ea1b903b

SHA256
ce6215727bf4b458f0b82d1523284c4036a1cd7f1c8e083b5202d84372803b1c

SHA512
2e42d2380fe13b23800ff26cb319672498d3caf268953025f3290d155f454372760bf51e03e365d84afbfc21c5b959dae5436ebc168b84cbcd6afc4b8e97ad46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
c6836807fccbdafc0a61c6cc71f45732

SHA1
2a66685e1647872e77ebfb635c815c82546c973c

SHA256
1357e8bf2dcf8b6b65d86570d006529144cc924312020fdb7d21665639819528

SHA512
d5cc57986449a89656196110949243f2a672239ee56b8110609549b43b319cdf578bd52d4de7d3a86fb2fa913b3fc0506a411be02b711b1d034d81db4ec0319d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
f1f98e02c000ae924cda907624ce3f5f

SHA1
3d7fc2e351fb53c6913bd860af0bafcebae60b11

SHA256
173280ae5644edab1b528ec4171fa09c48bc4800d4cd26ad236a788324e84a69

SHA512
efeff6d6b2e3e6a873603011fe7182e4af605304246e489c603c91af0e2b4e3a956cb51575055f624a73fa1be00c0670e85fc12e0868a44d3bc3d7f4eb3dabc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
3d28c77c7765356ba32c252dd5a54664

SHA1
d2ca806fd0f9d907b248919097e780f234123193

SHA256
a064b903a493944fd6d0887730ad76c734a5f4ecb3305589c61a46cdca3428ab

SHA512
8b81f4c2fe61a36b6f8390cc6481c9605c558d20445ddc4c51b5cfac446238332b9b2d2a3c50428b3514316f88800f65adba891f453599c4b7a37f02056bce06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
5231e5cefc853fffbeb327aa98ddab7b

SHA1
7fdd36d463f8da5a94549bf39453c1a840506730

SHA256
8380ee4729a95ec807a587307fd77873e1935dd91395490e108ef8473b45fc22

SHA512
3c57f8bdd7c0067e4dd4883c2d0a8408d82a3989a9e3748266cd88bd3270450905e22070ff75af04a2d9e64922aa6c26b990d97667fd2fad05909f4cd8961e90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
5abd7b9d3395498557f9fd84cd73385f

SHA1
d94e6196d93f8f6728eeba3eb2b03eeabeeeaede

SHA256
a44d04d4b07092fbf9fca9841a75cc0374ae682c50c7823e59672b39e35ae0af

SHA512
3db89cfd9320e2f32f6e5e6316c53e774ac29a063d3f8c64697e735a2075a61d225e56355c50565b4d7544ca8641f7640af9ca51b0b4ab5cde434ec0f837ea1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
e32b3905adc871cb165eecea44ce298f

SHA1
38599ddb964134db1affb489815d88b4d314046e

SHA256
44ee898c8c7f60c6ef5cbb9f347a5ccdce40fb1a584bd64f88e488502818fd3f

SHA512
870b04e0ee0e102794ea4df8af1c166b82684543d02a6abf6b0ded6d94238c82fc43167ca2db52bf6fb6c31257b1ae419685cce464ec27f54e01313576a6a75b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
c655bfe1a9284af3274b8b90979872d8

SHA1
396e1c958ee8a752b16020dd8f192510a0ea1726

SHA256
501e9235d3cb601085f90e7f3662d1b5eeabf55a7a422ad3c5b343c8c2629ddd

SHA512
add300d66b0fa317c0637785439343ef1b1e6d417d4abfe395a6c8ead2a8d19900240fb246f67f2bd3235dad7f6aea1aa0fc28fd5f252d3219279e65b3a6c958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
67509ac46c7794e70830cd0a780354d3

SHA1
f2df81821b01b34fd596b2e859859ca5d44bd865

SHA256
1e6963acbf48ed4504985c910ea26e46787dab39b43d66b9434330fec3af6d97

SHA512
c8c6ceea59f1ebbe0898f3ed234c7cc77d0996a29e0caf0dbd4b4ddedcb381b03d992b652918cec99d51e5c955624fc380ea430fe431ad2928089977c882d6fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
d1af40871995eca048bd6a896b5bee8b

SHA1
a24d8f6c6cb8b3eac27918324e22c35f3d28e538

SHA256
acf8bed05291ce16fa6ecee38a29207eabbc5e6789bbdad10f45cebc6d962783

SHA512
857873e71c1ff6217d17fe9f9b80a91fdab6e2dda127c008fdc63db6844a0e5e692695d54bfa6962e482522d682cea09507d2607b07125c11fdcc53af566e117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
4606f7419138a952eed6fcc4bd89e253

SHA1
8ca014c8e826eb15e92e5747e4288aa58575f604

SHA256
550486c2f03b6974c7973cf9a1462a2966baf631c81b39a78990056d01fae7fb

SHA512
9cb55796d538c901e61eb4721119bb32d5f38a6339127fc8279999e3ab1e52a443d0e59769f5f514ade737c1e64612bc90db051813da1d10c06a72b30f0ce3b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe57bcf7.TMP

Filesize
392B

MD5
1ef0afa90c08bb2bd45a1848634f995f

SHA1
963b0388edd427f8ffeaab074485c35080a1aca2

SHA256
5a8fdfc73efc72ca7a0bdf04bbe7272bd70e2407b9150bd11b4c655ee1e8b289

SHA512
d5821c6d0901b692419c22ea5e2d4d308a22b1cbecb95bac964a05908f0277a27cd0bc54a378c11c0b728a4a5f339bffc3667b38b0626150efbb1a9caeb3ae55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\36\10.34.0.57\Ruleset Data

Filesize
2.8MB

MD5
6a62b26b738ffda1414b1e45b3b97c12

SHA1
ff44417a79841f948bdbeec9049f9fb59d16dc9f

SHA256
da3927c997d3bb2326e97a8dd7835c28f50ad8c4a9dd407669f20730c0159207

SHA512
820caca570523600a057dbedd38b7e3b375d6427d716cb74d0aee0825e621268a9f418f135443e5bc6bd7b9a1fbb8eb6676324d46f9111e56404b8953f23de53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.28.1\typosquatting_list.pb

Filesize
628KB

MD5
bd5eeb9c4b00955e5a0f6a332d78cdef

SHA1
cf9e85ae41cf1ef2385a73ef36ebeb3c3378ea3a

SHA256
dbbea874b4b73aeb3ad17355c90f692767a947516481f158b7319f7c43f0e657

SHA512
2cfa521120dd1ab9c2cc90b74cd8d3f6f8991a086bd2dc1b9d225b08aeca8420f565e047f551ddf6d2149cfb02e4ce69b641e328a774dde7017ad374fd58eb96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
281ec4f2a25c641c708e8259bd8440f1

SHA1
afbb97cd039b34c867f13431525c57e312b7df27

SHA256
6bfdfe34043c5062859b5eeb88dc6be24b3747295d855a62ab7098ac334e87a8

SHA512
656d3ed27f069b60bb22c829533a92122bc0301717cbd4e3ec9de273cd1242c7e5c1776dea2131c5b1d144e3fb479347eaa6dd1d8a1f5457299db47fb5b88ff6

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIAA83.tmp

Filesize
476KB

MD5
39f6c48493b5225bae95cdb52c8bf69d

SHA1
f54e11158d71068dc61f2c3c2a9db471ecdfcadd

SHA256
55dcfb4404fd2a7ce72dabc23d856f7529f7ed4359e1af19eca2619c2bf840cd

SHA512
0c5a07e45ba250e253e5ec3fb87c191e9de46027ee1f8ff5fae4be0a4c0e8a7aac48f64d6fb12dfbdd1b77ee93b5c6740e36a5a90e6ff817dd5f18e3fe3bdd6b

Download Submit
C:\Users\Admin\Downloads\Oracle_VirtualBox_Extension_Pack-7.1.6.vbox-extpack.crdownload

Filesize
21.9MB

MD5
c9ba974fa7e0ac66b561d731eb2035d9

SHA1
38fa204012d1e7d65db1e9d1280497bf6dc59469

SHA256
c13e47d3fb2c849019accb03353c7d04ffb9c264920075972ed2e2befe3cdd8b

SHA512
758de93f3134cf0dfcb1aa48acbf86a84b79a01f614a1ee8ac19113c237d09fddb1c52618fd19736ef2d2ca433bf8fd7d26050d45ad500014cd46d56aea8f85d

Download Submit
C:\Windows\System32\DriverStore\Temp\{3f2d141d-4521-d34d-83ea-d409a9496c99}\SET5E24.tmp

Filesize
11KB

MD5
27eefd6a4c376a709a16793b3cf420da

SHA1
a3465d24e915ef51ad758df74de6787bd16d5ea3

SHA256
6323642efc5be5973787e2ecaf8ec6e5e09d72a3ecdc2799f9b6c06841862d8c

SHA512
52a296b56c8fdc9c214d139b47e2ec2ebb7339ee88ca65daa236e088b4dbf3cae392b6e0dc6ea93a23f1877654d335650e03054b39de3692b9b60c46abdfbaff

Download Submit
C:\Windows\System32\DriverStore\Temp\{3f2d141d-4521-d34d-83ea-d409a9496c99}\SET5E25.tmp

Filesize
2KB

MD5
b54fa51b12cfc7a9a54fe666b64b8ade

SHA1
e17673b6636138209d98953d1f6d56b701bc0ba5

SHA256
5b9f68c1a69270234873701f8ad50e60487ad5b3103f7bb1953d0363ffaf61f6

SHA512
f2347994eff841006fbad5dd603875444c13702392dc52f4fb05ee297faf3cf2c617bffa9245f99b28e50171825517af59b2b87014213abf3a80060e6714a40c

Download Submit
C:\Windows\System32\DriverStore\Temp\{3f2d141d-4521-d34d-83ea-d409a9496c99}\SET5E35.tmp

Filesize
176KB

MD5
337251c0585346f48901de919f1758c1

SHA1
6acf0a827435716d2a464f21c57e51fbf68466f1

SHA256
5c750a8d786aad679c0e13934f07bd5cdbf5e5b7fb68a6d62a58967bcf2562e2

SHA512
ac565a4b8ef61b48c0ea7ac8f304a045fce6a925e5cacc3a03646ab41dbf910d58ae65e6c3df3b5d75df4d4efa7f1cc1bf03e48bc7bba5815a9e2690fd1ce2af

Download Submit
C:\Windows\System32\DriverStore\Temp\{4afc2e7d-98c6-cc48-a71a-5068538bb626}\VBoxNetAdp6.cat

Filesize
11KB

MD5
0a751919ada4675a3347d8f45a174b77

SHA1
5ab33ad59706d0456a6396bbecbf5cab9e13138d

SHA256
f42b04be8a339a383dd01b640f0fa274e31c18a1c531287d5d9182b0dc56870b

SHA512
aa3bb2b0a258e716ff975ae56e4dd0b14ca1bc1a0c8f56598d448ac2b78fe2b91d9ed4c109e04956860919f624c845d348a03f8ee223f6b8a776e3e33a69a2d2

Download Submit
C:\Windows\System32\DriverStore\Temp\{4afc2e7d-98c6-cc48-a71a-5068538bb626}\VBoxNetAdp6.inf

Filesize
3KB

MD5
7bd5968035e290fc975a3655d2a30c08

SHA1
f07a370d4734c9b332b35d26b4d16d7ae1ec17b6

SHA256
c1af8774a2b6c246a31b8c3f5185fff67a856c4f96d55c21b4d0587b34e4611b

SHA512
2da219b9fc716499b2d8fa62084c5039d61660bf4ea26e48599eb4d10d95b4ba408e8415a092307b5731cc1de9201bb000848f68d7e79f6b03da453e223253ac

Download Submit
C:\Windows\System32\DriverStore\Temp\{4afc2e7d-98c6-cc48-a71a-5068538bb626}\VBoxNetAdp6.sys

Filesize
240KB

MD5
bb13c7ae29af3d73e2e2326bd37ef752

SHA1
d2b5617fe2f2de0831d2ad0f6301e5cb88851261

SHA256
755120e64cec6673bf8ad2ed0cfb031dd71a31ab8fc063c1b26cc3a8b9198857

SHA512
6aa2a7c483dd205a6d0f667a5249f7eb23b45ee760de009400c208e73c21feda8d94ca428e4922303727e735a0f6026ddfd02bc419f2f280e68f2b55a93acf82

Download Submit
C:\Windows\System32\DriverStore\Temp\{71b3f64b-dd47-bf4e-a519-a575e96e8599}\SET5663.tmp

Filesize
11KB

MD5
7d1841943d1f332eb32e49de47d62e03

SHA1
a4c445ac6247f7919ce9cebf2b543800970a5d81

SHA256
86d86beec055d6bfcaa0d4906a919cb21789e89375d7b50270f85b6b3b5f9a33

SHA512
c6574b411c255f97efa343d168ee45365ffab6e195087722398cd3693336f6ac44cfc7b51f1e6ed328c7091f9c7a311672613c158e8a3b28d6862c2002a7b681

Download Submit
C:\Windows\System32\DriverStore\Temp\{71b3f64b-dd47-bf4e-a519-a575e96e8599}\SET5664.tmp

Filesize
2KB

MD5
59048a0500cb88084655b38de2a3097f

SHA1
014f0f333df2fac12045fb89ce1042f3352241c4

SHA256
c3c0f8172fee9aeeff7d4ac43af0b0b9357f2f119b53c70377f015168586c546

SHA512
cb596dc5048d09186b011ea4a314b7355c2191fff0cae929ebaa919294ed17041006ae575122d7191bfa3572c4da3f75e109d10cbc847e48121de0ef2761b9c0

Download Submit
C:\Windows\System32\DriverStore\Temp\{71b3f64b-dd47-bf4e-a519-a575e96e8599}\SET5665.tmp

Filesize
1.0MB

MD5
9b7cdaa9dfa551282134f4e75074f702

SHA1
e05035fcfe2369000a0264ab1c7eac9c40ecbb5c

SHA256
decc9f7c751ded1aaddc3528dd545837a2a2994c415e983f30a6af1747ac3acf

SHA512
7da4fe862ce314548977672494391370045b80c6bd38f74f82e1f39a88143f93b36c1c06feeca4668a4e29ad60ff73e5f615fd61c6b514bdd902042ab7698af2

Download Submit
C:\Windows\System32\DriverStore\Temp\{7aef2613-a8c3-f549-bb29-4b977248e596}\SET5F8B.tmp

Filesize
11KB

MD5
a707e21804161083d77a12b91d3059f9

SHA1
2bb2e03cf8b024133bb501b769ec128d24f49194

SHA256
2969d9aa44c08db04529ec043d9a8c9e47b68ece7aa51ab6cb78f1c514c9e843

SHA512
9233a827cadec4ec8b44b0b5ed3526f2f45391f07a15256d9f68f943378079311893257532fe6e1bdfeacc2014d8f110f33f1db199aad9bf4573ac0794587da3

Download Submit
C:\Windows\System32\DriverStore\Temp\{7aef2613-a8c3-f549-bb29-4b977248e596}\SET5F8C.tmp

Filesize
2KB

MD5
7ad88778968e6768a71bf7dd65444c3c

SHA1
ec753a59e7c6482e8bb1e72e9c5b5424092c26d8

SHA256
db8c675f4a9837eadf86654d586f2afd2d44e31be12f5c5cec2754d424ebb6e0

SHA512
2339e015305d601077ea17e3bd9d2d2649d64de350436d99d5f1d2a3bda84bf7610fac278094c87b628e4f3c51fb516fdb8f09a274bd532734543cb0eea284b6

Download Submit
C:\Windows\System32\DriverStore\Temp\{7aef2613-a8c3-f549-bb29-4b977248e596}\SET5F9D.tmp

Filesize
190KB

MD5
44a46b8f144a04e18d341b9ac239ff20

SHA1
9e911d62c66b8fedff0cf5a9a9684b2f87221f7d

SHA256
ebcaba012c908d5584579ba927d4e7dfb3be28d91d7c369a2473b393915e933d

SHA512
144d7c3b3f4c63f8f04f786ddc7d553b83808afef47a9628b5f67493950a42d020469c75d536c1214186daae34fdd437eb2a9f7a2214b0e434b6d8decd57c3dc

Download Submit
C:\Windows\System32\DriverStore\Temp\{80b1582b-ab12-ff40-8200-6caa21cb4791}\VBoxNetLwf.cat

Filesize
11KB

MD5
18fd2f2ce49c749c0c8d4ea321661715

SHA1
af7f728e0403c4ba63480bc8ddd55cb3c4ac5f1e

SHA256
96eb758ee44b13d5df932e176addfd42bfd1eb27aa7ddec5801fae07e9797a65

SHA512
14be128511b33fefda28d2d98fc522f6c85230369b14cf78046a566e8df73734a6971208226523da3eb6445c32db4a805b4819cc315655d0e8dc4b547842575e

Download Submit
C:\Windows\System32\DriverStore\Temp\{80b1582b-ab12-ff40-8200-6caa21cb4791}\VBoxNetLwf.inf

Filesize
4KB

MD5
7da30975a6c38e9a0fe9676950f70033

SHA1
d0134da02edaf78b60143d9d6a310ab97137b709

SHA256
aee3b03ca632f7985c71c56d747ed61d0a83e8250f72c4e3cecaca43d6262cdb

SHA512
2ab29cfa41572e3b94680a298248d8d459da50d7f136ec1885a092f8c6550a6fbc5c0e256bdf42285cd7d9234f015d2a577e90989e8eeaa8f4a2780d69c87f01

Download Submit
C:\Windows\System32\DriverStore\Temp\{80b1582b-ab12-ff40-8200-6caa21cb4791}\VBoxNetLwf.sys

Filesize
250KB

MD5
10ed4a0f400f1db09e258c99939f15c7

SHA1
4ed115fb4bece2aaf9b0d724330811cd2c7878b2

SHA256
b7d5361a58530add79cdce5544f41190196ea7b16b32c889627e8b5a61be8483

SHA512
a573233ca92ff878f79261bf7ebc10def90c0995c46527a2f5f3791f5e48cf54158c07af1e0d969ba4d196f182126ca2e4c9ab5a1464e6974b279a6038102a6b

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
38KB

MD5
da9a9e06f845cb8325cef6ce6907cabf

SHA1
14eb1c19f58151550db84dfa0702f3a25ef747c3

SHA256
3a753645aa8d8828d3b326317e38dcc8e9323f25f61de8b20d188a377a2fff3f

SHA512
17a6fe12115af437819d00ef289423b8a1e8a102242db018a459a8d94a8cfdb40b486f3861d0c3476ac2b443e4b6c9e9008930d5e8ae65949d3cb6a8ca2a02a4

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
24.1MB

MD5
6c0942594ee75e855dd88a5976db7853

SHA1
19d86e177fafe78753772bfdaea5f3b464675916

SHA256
2e9227668ffa3d7dea78e2fb1fe2ff410fbd774f3b4d7fd4a59583dd2fd4338f

SHA512
ff042877f755932e2ef5ed55f357d607fa29b7162119cdbd687d46cb1864679d575bb12b5ea8960a7ad475a8d1d38feeaf12d67e5bf9b1a04750f506370525f7

Download Submit
\??\Volume{28d8005c-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{b12c13d0-e7e9-4ce4-8730-940a5ca6a222}_OnDiskSnapshotProp

Filesize
6KB

MD5
d111f8742239bc50f3c58679e6bc664b

SHA1
bd9dce5493355bcfb5fb09b31e83d2ca68d35539

SHA256
04e4764c0390e06569ed1ac4f0c36c7c2225a10562c2b21c79474adab2b86f39

SHA512
9a59d591c5e73ff6c337f8112321d487c482b82afee69e64e91cfbb0ef904f32667e7d9456c73b983a5c4a1e14cc0841d37d59fc66374a1517618265a85637f5

Download Submit
memory/1056-2447-0x00007FF7EC7E0000-0x00007FF7ECA9A000-memory.dmp

Filesize
2.7MB

Download
memory/1056-2450-0x00007FFB44840000-0x00007FFB4638A000-memory.dmp

Filesize
27.3MB

Download
memory/1056-2449-0x00007FFB44840000-0x00007FFB4638A000-memory.dmp

Filesize
27.3MB

Download
memory/1056-2451-0x00007FF7EC7E0000-0x00007FF7ECA9A000-memory.dmp

Filesize
2.7MB

Download
memory/1056-2448-0x00007FFB42C70000-0x00007FFB43231000-memory.dmp

Filesize
5.8MB

Download
memory/1076-4329-0x00007FFB4A4F0000-0x00007FFB4A644000-memory.dmp

Filesize
1.3MB

Download
memory/1076-4327-0x00007FFB42C70000-0x00007FFB43231000-memory.dmp

Filesize
5.8MB

Download
memory/1076-4322-0x00007FF66E230000-0x00007FF66E33A000-memory.dmp

Filesize
1.0MB

Download
memory/1076-4328-0x00007FFB44840000-0x00007FFB4638A000-memory.dmp

Filesize
27.3MB

Download
memory/1076-4325-0x00007FFB4A4F0000-0x00007FFB4A644000-memory.dmp

Filesize
1.3MB

Download
memory/1076-4330-0x00007FF66E230000-0x00007FF66E33A000-memory.dmp

Filesize
1.0MB

Download
memory/1076-4326-0x00007FFB44840000-0x00007FFB4638A000-memory.dmp

Filesize
27.3MB

Download
memory/3084-4453-0x00007FFB4A6A0000-0x00007FFB4A7F4000-memory.dmp

Filesize
1.3MB

Download
memory/3084-4446-0x00007FF66E230000-0x00007FF66E33A000-memory.dmp

Filesize
1.0MB

Download
memory/3084-4449-0x00007FFB4A6A0000-0x00007FFB4A7F4000-memory.dmp

Filesize
1.3MB

Download
memory/3084-4472-0x00007FF66E230000-0x00007FF66E33A000-memory.dmp

Filesize
1.0MB

Download
memory/3084-4450-0x00007FFB42C70000-0x00007FFB43231000-memory.dmp

Filesize
5.8MB

Download
memory/3084-4451-0x00007FFB44840000-0x00007FFB4638A000-memory.dmp

Filesize
27.3MB

Download
memory/3084-4452-0x00007FFB44840000-0x00007FFB4638A000-memory.dmp

Filesize
27.3MB

Download
memory/5848-4323-0x00007FF66E230000-0x00007FF66E33A000-memory.dmp

Filesize
1.0MB

Download
memory/5848-4324-0x00007FF66E230000-0x00007FF66E33A000-memory.dmp

Filesize
1.0MB

Download
memory/5916-4448-0x00007FF66E230000-0x00007FF66E33A000-memory.dmp

Filesize
1.0MB

Download