hxxps://getswift[.]gg/

Analysis

max time kernel
1324s
max time network
1326s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
28/03/2025, 20:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://getswift.gg/

Score

9^/10

defense_evasion discovery execution themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Swift.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

Run Powershell and hide display window.

execution

PowerShell

T1059.001

pid	Process
1948	powershell.exe
2500	powershell.exe
4688	powershell.exe

Downloads MZ/PE file 1 IoCs

flow	pid	Process
112	3088	Swift.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Swift.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Swift.exe

Executes dropped EXE 1 IoCs

pid	Process
3088	Swift.exe

Themida packer 25 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x001c00000002b12a-270.dat	themida
behavioral1/memory/3088-300-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral1/memory/3088-302-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral1/memory/3088-303-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral1/memory/3088-304-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral1/memory/3088-305-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral1/memory/3088-327-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral1/memory/3088-328-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral1/memory/3088-490-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral1/memory/3088-676-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral1/memory/3088-697-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral1/memory/3088-708-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral1/memory/3088-710-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral1/memory/3088-730-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral1/memory/3088-732-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral1/memory/3088-734-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral1/memory/3088-783-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral1/memory/3088-814-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral1/memory/3088-825-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral1/memory/3088-827-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral1/memory/3088-834-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral1/memory/3088-856-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral1/memory/3088-1145-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral1/memory/3088-1156-0x0000000140000000-0x00000001437AD000-memory.dmp	themida
behavioral1/memory/3088-1222-0x0000000140000000-0x00000001437AD000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Swift.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
3088	Swift.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_1876433756\crs.pb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_463063498\LICENSE	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_377071218\_locales\sk\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\json\i18n-shared-components\fr\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\json\i18n-shared-components\fr-CA\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\json\wallet\wallet-checkout-eligible-sites-pre-stable.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\wallet-webui-560.da6c8914bf5007e1044c.chunk.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\wallet-webui-992.268aa821c3090dce03cb.chunk.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_2104487843\_platform_specific\win_x64\widevinecdm.dll.sig	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_703044921\_metadata\verified_contents.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_463063498\_platform_specific\win_x64\widevinecdm.dll	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_205720915\hyph-ru.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_377071218\_locales\hi\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\json\i18n-notification\es\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\json\i18n-notification\fr-CA\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\json\i18n-notification-shared\es\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\wallet-icon.svg	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_110839324\deny_full_domains.list	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_205720915\hyph-ga.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_205720915\_metadata\verified_contents.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_377071218\_locales\el\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1161283580\_metadata\verified_contents.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\json\i18n-hub\pt-PT\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\json\i18n-notification-shared\it\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_765082499\Part-NL	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_110839324\deny_etld1_domains.list	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_205720915\hyph-und-ethi.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\json\i18n-hub\en-GB\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\Notification\notification.bundle.js.LICENSE.txt	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_2104487843\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_377071218\_locales\sr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_377071218\_locales\zu\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_503530333\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_2104487843\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_1876433756\ct_config.pb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_765082499\adblock_snippet.js	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_2026158991\manifest.fingerprint	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_205720915\hyph-cy.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_205720915\hyph-ml.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\driver-signature.txt	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\json\i18n-hub\pl\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\json\i18n-notification\pt-PT\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\Wallet-BuyNow\wallet-buynow.html	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_703044921\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_377071218\_locales\mn\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\json\i18n-ec\pt-PT\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\json\i18n-shared-components\el\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3040_110839324\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_205720915\hyph-bn.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_205720915\hyph-lv.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_377071218\_locales\hr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_377071218\_locales\fr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1727047664\LICENSE	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\json\i18n-ec\ja\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\json\i18n-hub\da\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\json\i18n-notification\it\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_205720915\hyph-bg.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_377071218\_locales\hy\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_377071218\_locales\gu\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_503530333\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\json\i18n-ec\cs\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\json\i18n-tokenized-card\es\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\json\i18n-tokenized-card\ru\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\Notification\notification.html	msedge.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Swift.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
behavioral1/files/0x001c00000002b403-832.dat	embeds_openssl

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876669339054375"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 11 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2873637269-1458872900-2373203793-1000\{26175234-7F59-47EB-A66B-D34CBBAA2883}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2873637269-1458872900-2373203793-1000\{E22D8CDB-6211-4BDA-A671-E61C227A78A7}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2873637269-1458872900-2373203793-1000\{1D1D9C25-6A3D-4918-99A3-9C7804492D92}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2873637269-1458872900-2373203793-1000\{FFC95B3B-4D21-4FE6-BF7D-3AD01858C025}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Swift.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5516	chrome.exe
5516	chrome.exe
1948	powershell.exe
1948	powershell.exe
1948	powershell.exe
2500	powershell.exe
2500	powershell.exe
2500	powershell.exe
4688	powershell.exe
4688	powershell.exe
5368	msedgewebview2.exe
5368	msedgewebview2.exe
3344	msedge.exe
3344	msedge.exe
5288	msedge.exe
5288	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 49 IoCs

pid	Process
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
2760	msedgewebview2.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe
Token: SeShutdownPrivilege	5112	chrome.exe
Token: SeCreatePagefilePrivilege	5112	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
5112	chrome.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3088	Swift.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5112 wrote to memory of 1928	5112	chrome.exe	81
PID 5112 wrote to memory of 1928	5112	chrome.exe	81
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4944	5112	chrome.exe	82
PID 5112 wrote to memory of 4928	5112	chrome.exe	83
PID 5112 wrote to memory of 4928	5112	chrome.exe	83
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84
PID 5112 wrote to memory of 5092	5112	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://getswift.gg/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffa282cdcf8,0x7ffa282cdd04,0x7ffa282cdd10
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1832,i,13247614898362270209,7485374597477694190,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2200,i,13247614898362270209,7485374597477694190,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2212 /prefetch:11
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2352,i,13247614898362270209,7485374597477694190,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2324 /prefetch:13
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,13247614898362270209,7485374597477694190,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,13247614898362270209,7485374597477694190,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4224,i,13247614898362270209,7485374597477694190,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4244 /prefetch:9
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5148,i,13247614898362270209,7485374597477694190,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5160 /prefetch:14
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5416,i,13247614898362270209,7485374597477694190,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=2356,i,13247614898362270209,7485374597477694190,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3668,i,13247614898362270209,7485374597477694190,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5672,i,13247614898362270209,7485374597477694190,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5680 /prefetch:14
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5520,i,13247614898362270209,7485374597477694190,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5648 /prefetch:14
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5632,i,13247614898362270209,7485374597477694190,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5476 /prefetch:14
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4208,i,13247614898362270209,7485374597477694190,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4264 /prefetch:14
  2⤵
  - Modifies registry class
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4316,i,13247614898362270209,7485374597477694190,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4344 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5660,i,13247614898362270209,7485374597477694190,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5544,i,13247614898362270209,7485374597477694190,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5448 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4632,i,13247614898362270209,7485374597477694190,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5448 /prefetch:14
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:5616
- C:\Users\Admin\Downloads\Swift.exe
  "C:\Users\Admin\Downloads\Swift.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Downloads MZ/PE file
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetWindowsHookEx
  PID:3088
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell" -WindowStyle Hidden -NoProfile -NonInteractive -Command "$WshShell = New-Object -comObject WScript.Shell; $Shortcut = $WshShell.CreateShortcut('C:\Users\Admin\Downloads\Scripts.lnk'); $Shortcut.TargetPath = 'C:\Users\Admin\AppData\Roaming\Swift\Scripts'; $Shortcut.Save()"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:1948
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell" -WindowStyle Hidden -NoProfile -NonInteractive -Command "$WshShell = New-Object -comObject WScript.Shell; $Shortcut = $WshShell.CreateShortcut('C:\Users\Admin\Downloads\Workspace.lnk'); $Shortcut.TargetPath = 'C:\Users\Admin\AppData\Roaming\Swift\Workspace'; $Shortcut.Save()"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:2500
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell" -WindowStyle Hidden -NoProfile -NonInteractive -Command "$WshShell = New-Object -comObject WScript.Shell; $Shortcut = $WshShell.CreateShortcut('C:\Users\Admin\Downloads\AutoExec.lnk'); $Shortcut.TargetPath = 'C:\Users\Admin\AppData\Roaming\Swift\AutoExec'; $Shortcut.Save()"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:4688
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Swift.exe --webview-exe-version=0.1.0 --user-data-dir="C:\Users\Admin\AppData\Local\swift\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --enable-features=RemoveRedirectionBitmap --lang=en-US --mojo-named-platform-channel-pipe=3088.6056.16201889777418000154
    3⤵
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:2760
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\swift\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\swift\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x17c,0x180,0x184,0x158,0x18c,0x7ffa1615b078,0x7ffa1615b084,0x7ffa1615b090
      4⤵
      PID:4296
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\swift\EBWebView" --webview-exe-name=Swift.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1752,i,17637858318826671839,918465469566329376,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1712 /prefetch:2
      4⤵
      PID:4884
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\swift\EBWebView" --webview-exe-name=Swift.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2024,i,17637858318826671839,918465469566329376,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2036 /prefetch:11
      4⤵
      PID:4912
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\swift\EBWebView" --webview-exe-name=Swift.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2300,i,17637858318826671839,918465469566329376,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2312 /prefetch:13
      4⤵
      PID:3056
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\swift\EBWebView" --webview-exe-name=Swift.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3548,i,17637858318826671839,918465469566329376,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:1
      4⤵
      PID:5768
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\swift\EBWebView" --webview-exe-name=Swift.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4656,i,17637858318826671839,918465469566329376,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4080 /prefetch:14
      4⤵
      PID:4572
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\swift\EBWebView" --webview-exe-name=Swift.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=784,i,17637858318826671839,918465469566329376,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2092 /prefetch:14
      4⤵
      PID:3712
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\swift\EBWebView" --webview-exe-name=Swift.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4680,i,17637858318826671839,918465469566329376,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4772 /prefetch:10
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5368
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\swift\EBWebView" --webview-exe-name=Swift.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4464,i,17637858318826671839,918465469566329376,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4240 /prefetch:14
      4⤵
      PID:2816
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\swift\EBWebView" --webview-exe-name=Swift.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4256,i,17637858318826671839,918465469566329376,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4796 /prefetch:14
      4⤵
      PID:4784
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\swift\EBWebView" --webview-exe-name=Swift.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4120,i,17637858318826671839,918465469566329376,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4912 /prefetch:14
      4⤵
      PID:4328
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\swift\EBWebView" --webview-exe-name=Swift.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4136,i,17637858318826671839,918465469566329376,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4812 /prefetch:14
      4⤵
      PID:5640
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\swift\EBWebView" --webview-exe-name=Swift.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4924,i,17637858318826671839,918465469566329376,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4948 /prefetch:14
      4⤵
      PID:3396
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\swift\EBWebView" --webview-exe-name=Swift.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4844,i,17637858318826671839,918465469566329376,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4664 /prefetch:14
      4⤵
      PID:1520
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\swift\EBWebView" --webview-exe-name=Swift.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4960,i,17637858318826671839,918465469566329376,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4148 /prefetch:14
      4⤵
      PID:2940
- - C:\Windows\system32\cmd.exe
    "cmd" /c start "" "msedge" "https://key.getswift.gg/ks/checkpoint/1/ZCeHWyYwBDwofTpXczktOjpjsVbBVUJUVcqUXofLVhtgLGiASe"
    3⤵
    PID:4472
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://key.getswift.gg/ks/checkpoint/1/ZCeHWyYwBDwofTpXczktOjpjsVbBVUJUVcqUXofLVhtgLGiASe"
      4⤵
      PID:572
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch https://key.getswift.gg/ks/checkpoint/1/ZCeHWyYwBDwofTpXczktOjpjsVbBVUJUVcqUXofLVhtgLGiASe
        5⤵
        Drops file in Windows directory
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Modifies registry class
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of SendNotifyMessage
        
        PID:2868
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ffa02e7f208,0x7ffa02e7f214,0x7ffa02e7f220
        6⤵
        
        PID:4332
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1796,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=2328 /prefetch:11
        6⤵
        
        PID:1044
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2300,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=2296 /prefetch:2
        6⤵
        
        PID:1368
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2336,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=2804 /prefetch:13
        6⤵
        
        PID:2616
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3396,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=3480 /prefetch:1
        6⤵
        
        PID:1124
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3404,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=3484 /prefetch:1
        6⤵
        
        PID:1192
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4972,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=4948 /prefetch:14
        6⤵
        
        PID:688
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4980,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=4928 /prefetch:14
        6⤵
        
        PID:2884
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5600,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=5612 /prefetch:14
        6⤵
        
        PID:1052
      - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5756,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=5780 /prefetch:14
        6⤵
        
        PID:4176
      - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5756,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=5780 /prefetch:14
        6⤵
        
        PID:2648
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5960,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=5972 /prefetch:14
        6⤵
        
        PID:644
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
        
        cookie_exporter.exe --cookie-json=1140
        7⤵
        
        PID:3704
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6084,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=6068 /prefetch:14
        6⤵
        
        PID:5748
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5840,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=6168 /prefetch:14
        6⤵
        
        PID:5076
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=5864,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=6300 /prefetch:1
        6⤵
        
        PID:384
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6276,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=5652 /prefetch:14
        6⤵
        
        PID:4352
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5784,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=6432 /prefetch:14
        6⤵
        
        PID:3024
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5904,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=6464 /prefetch:14
        6⤵
        
        PID:5576
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6968,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=7080 /prefetch:14
        6⤵
        
        PID:660
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6900,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=6772 /prefetch:14
        6⤵
        
        PID:5076
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=6772,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=6680 /prefetch:1
        6⤵
        
        PID:4720
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6648,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=4124 /prefetch:14
        6⤵
        
        PID:2488
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3648,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=3636 /prefetch:14
        6⤵
        
        PID:5256
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4920,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:14
        6⤵
        
        PID:4112
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6700,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=6592 /prefetch:10
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3344
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6592,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=760 /prefetch:14
        6⤵
        
        PID:4576
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5580,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=6540 /prefetch:14
        6⤵
        
        PID:3904
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5240,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=6500 /prefetch:14
        6⤵
        
        PID:760
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6720,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=4908 /prefetch:14
        6⤵
        
        PID:5392
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6612,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=5172 /prefetch:14
        6⤵
        
        PID:3376
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=6088,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=5852 /prefetch:1
        6⤵
        
        PID:1216
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=3728,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=6492 /prefetch:1
        6⤵
        
        PID:5208
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=6764,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=6676 /prefetch:1
        6⤵
        
        PID:2100
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6616,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=3472 /prefetch:12
        6⤵
        
        PID:5848
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3672,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=3600 /prefetch:14
        6⤵
        Modifies registry class
        
        PID:4952
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7056,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=4864 /prefetch:14
        6⤵
        
        PID:1676
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4936,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:14
        6⤵
        
        PID:1944
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=5148,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=4820 /prefetch:1
        6⤵
        
        PID:5428
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7208,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=6716 /prefetch:14
        6⤵
        
        PID:2648
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6068,i,13343373242975573040,12929551948689742346,262144 --variations-seed-version --mojo-platform-channel-handle=7272 /prefetch:14
        6⤵
        
        PID:2176
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
        6⤵
        Drops file in Windows directory
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Modifies registry class
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        
        PID:3040
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x2f4,0x7ffa02e7f208,0x7ffa02e7f214,0x7ffa02e7f220
        7⤵
        
        PID:860
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2152,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=2148 /prefetch:2
        7⤵
        
        PID:3924
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1832,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:11
        7⤵
        
        PID:1760
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2348,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=3400 /prefetch:13
        7⤵
        
        PID:2636
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4308,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=4328 /prefetch:14
        7⤵
        
        PID:2860
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4308,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=4328 /prefetch:14
        7⤵
        
        PID:1204
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4176,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=4628 /prefetch:14
        7⤵
        
        PID:1288
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=568,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=4736 /prefetch:14
        7⤵
        
        PID:5316
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4684,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=4724 /prefetch:14
        7⤵
        
        PID:792
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4672,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=4700 /prefetch:14
        7⤵
        
        PID:3152
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=4896,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=4384 /prefetch:1
        7⤵
        
        PID:1840
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=4904,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=4356 /prefetch:1
        7⤵
        
        PID:2824
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5380,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=4640 /prefetch:14
        7⤵
        
        PID:1284
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5404,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:14
        7⤵
        
        PID:3580
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6048,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=6116 /prefetch:1
        7⤵
        
        PID:5976
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4240,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=6068 /prefetch:14
        7⤵
        
        PID:5220
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5460,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=5584 /prefetch:14
        7⤵
        
        PID:72
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5720,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=5732 /prefetch:14
        7⤵
        
        PID:4472
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=5736,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=5668 /prefetch:1
        7⤵
        
        PID:1664
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5464,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=6280 /prefetch:10
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5288
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=5352,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=5956 /prefetch:1
        7⤵
        
        PID:5804
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=5148,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=4384 /prefetch:1
        7⤵
        
        PID:4284
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=5656,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=4976 /prefetch:1
        7⤵
        
        PID:4908
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5416,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=5604 /prefetch:12
        7⤵
        
        PID:4460
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6260,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=5288 /prefetch:14
        7⤵
        
        PID:2320
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7136,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=6704 /prefetch:14
        7⤵
        Modifies registry class
        
        PID:5836
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7188,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=6032 /prefetch:14
        7⤵
        
        PID:5172
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=3896,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=3592 /prefetch:1
        7⤵
        
        PID:4780
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=5748,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=7564 /prefetch:1
        7⤵
        
        PID:4984
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=5744,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=7544 /prefetch:1
        7⤵
        
        PID:1284
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=6316,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=5652 /prefetch:1
        7⤵
        
        PID:2928
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=3592,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=3984 /prefetch:1
        7⤵
        
        PID:3316
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=7288,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=5724 /prefetch:1
        7⤵
        
        PID:2464
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=7656,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=2568 /prefetch:1
        7⤵
        
        PID:5208
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=7324,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=5284 /prefetch:1
        7⤵
        
        PID:5196
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=4484,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=7216 /prefetch:1
        7⤵
        
        PID:5132
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=3360,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=5684 /prefetch:1
        7⤵
        
        PID:4672
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7472,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=7768 /prefetch:14
        7⤵
        
        PID:3976
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=5908,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=5584 /prefetch:1
        7⤵
        
        PID:5044
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=7672,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=3588 /prefetch:1
        7⤵
        
        PID:2196
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=5576,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=7404 /prefetch:1
        7⤵
        
        PID:3632
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --always-read-main-dll --field-trial-handle=6136,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=7320 /prefetch:1
        7⤵
        
        PID:892
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=5276,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=7832 /prefetch:1
        7⤵
        
        PID:1404
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --always-read-main-dll --field-trial-handle=7532,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=8144 /prefetch:1
        7⤵
        
        PID:4052
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --always-read-main-dll --field-trial-handle=5476,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=5916 /prefetch:1
        7⤵
        
        PID:4976
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --always-read-main-dll --field-trial-handle=5560,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=5648 /prefetch:1
        7⤵
        
        PID:2480
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --always-read-main-dll --field-trial-handle=8088,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=7888 /prefetch:1
        7⤵
        
        PID:3892
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=7996,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=7496 /prefetch:1
        7⤵
        
        PID:2720
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --always-read-main-dll --field-trial-handle=7544,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=7756 /prefetch:1
        7⤵
        
        PID:1372
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --always-read-main-dll --field-trial-handle=7524,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=7592 /prefetch:1
        7⤵
        
        PID:2920
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --always-read-main-dll --field-trial-handle=5640,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=7192 /prefetch:1
        7⤵
        
        PID:5348
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8028,i,5465798606575625004,5438804154823332424,262144 --variations-seed-version --mojo-platform-channel-handle=7768 /prefetch:14
        7⤵
        
        PID:756
- - C:\Windows\system32\cmd.exe
    "cmd" /c start "" "msedge" "https://key.getswift.gg/ks/checkpoint/1/nULssrLygCxHZmOhCFNZnslHxgkxqcSZKQaLLdbDJQqivjgMMi"
    3⤵
    PID:2912
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://key.getswift.gg/ks/checkpoint/1/nULssrLygCxHZmOhCFNZnslHxgkxqcSZKQaLLdbDJQqivjgMMi"
      4⤵
      PID:2220
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch https://key.getswift.gg/ks/checkpoint/1/nULssrLygCxHZmOhCFNZnslHxgkxqcSZKQaLLdbDJQqivjgMMi
        5⤵
        
        PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5264,i,13247614898362270209,7485374597477694190,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5732 /prefetch:14
  2⤵
  PID:3152

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5272

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1456

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5944

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:1204

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004EC
1⤵
PID:6072

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1448

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4980

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:3756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
721896a1a14b78ef53e7914a04162520

SHA1
12f3e016bdca88c14722088c9798eb0bc88cbaf3

SHA256
1a09049ec446771b5b64b1c32adca61a2e21b3626a45c537c9379c04f319569d

SHA512
169209392a12dd80a98674bb697dea65f5e3595acf534a49b01a89c5bf92b187cee7e0d50040170c0568471c0d1d7412087e82bd35cf8bff7b84606b09227455

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
20.1MB

MD5
532e28bfd55208ef66d609a48a65cf91

SHA1
5da3a7f1a437cae4109b4c052b7de697bc58a674

SHA256
3b19486b4e14b206ec8ab2602ec6a430f9fce7ef40247b1e1f4c6f004ee468b4

SHA512
10c57c4bd1c18242405bb7ac89361121b6169f3444122dbef246e4605b0f793f205a9fb36f5a8d820e9c8617bddb9df65b9590acbaada19a89ac7a064a23a0f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
55dc4e8f5fb99383f3f01ad2e88da1ea

SHA1
e857bf7f097351d27a912f24b9535248c74c839b

SHA256
8dc4db12ac9972e948d748c995e4d5f578fad7a8632b29fefa9401d0824a0601

SHA512
bb0ee9706c5f02f7a0fa08afdc01a8b9446d8f4a6f040a90556f92d05a77d783fb276dc2948ab31bf581278590c6acb1881d7e48c28ce8ede28d490090a1e618

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
70051ef837daa0c62a8b308f1533e1a7

SHA1
2bdfb1e14be66d71c0828666a4752e06634570f5

SHA256
43dc8f2bc1777e8cd4d51511288353e44cb63a1573fad7d782458e223ce2be6d

SHA512
b1b24a06d47e2a35a6eb399d0b6f15779cfc301e66028c5b1c3832fbb27daede497ce17aa33f53d6e4139e755ab39e38efc26fce0c4da2695c913a00ad3b135d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
260bcbdf86175068a99ee3c88808aeaa

SHA1
68a4bd7624bb0472f77589f55c9277aa22d52f80

SHA256
33957cf6903e6f776e7ebbca366075319f9199fefcf5bda481766569fc59561b

SHA512
650a6bd7107964e453095ddcfd0de3ed17734dabd4cae423ba40018e8203ad214325ac498218b22d3daa27c5385f1ca403d954797fc61daf51729d4191d26d3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c78da96eebd447397ebd4087bbd23148

SHA1
425ac058a033652c22c292b2f57df519b184ecc3

SHA256
3ebc00b974db3675219a22dde3a078113cb0021e6dcb3f75c8df0001a6624a62

SHA512
c9fc8a535a320f7eb7158c9975cbe05a33bd6b615463e96d6ddf0bc625863b4a72e7a4c8cf56f0d58c697792c913f6e28def3a2ff1cab888f9ca6d427fd841e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b151ece113b4ef0deb829a01a0e6c46a

SHA1
27bb5be2b26c6a092033eac0eaed69ab126173db

SHA256
53c3d58183ae259135615b09d59734f8fd09a09943743a290ff2b7d637c20a69

SHA512
0f0d63145e91bae6ec236104c4edd9b2c16c299d86e976c576878b699d53dfb4951ec449316e9c3aa2561f8a1eac01ea5fb0d8966fa2e00baf5934c9532aa4d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
29ba11308c1d6e1086ca28edd32b4316

SHA1
529347e31d409e62772fc7d36d95ac54bf95d135

SHA256
674535a05951acfd831673d788a1c1b109e14f891973fdaefb0c6833ca3cb325

SHA512
3a16a0556dcb371850dd7b707f45c4ae18f0e3c8b3def91bc87a47a0a8d407e639b8b051c7e8d3359befbf7b41e02b49e859be69e60c0e4da5494e71ad524970

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c931422dd87190c646f3df26b849732a

SHA1
2c257ddd07ae5048adf6f7a3d2f51af8a6412332

SHA256
1ab86e577229e319dc31bf158d5d65712e94956b2962a0e9c6fc1a7439aebfe1

SHA512
bf2c377c012295314ae828901da55f17d1feb75046b366199ad5c868aeace6696526a40e232c84640e7c56693a28712ae4f922f60d16960cb71ec7f78f9be0b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
170d8ca928d9b6df52c336d0443ca681

SHA1
d02074cfc7f2bf52cb0be8753a47882f31f3c409

SHA256
9a27716567cbfdcc4c064e754bd51432a4895bdc196cb124dcc251e512dda4d1

SHA512
21adebec0b831d979842174249c5ab1b5e9e8c528778aff3deeec3478c47abb7d8edec43d9288c8f2d42624cb44df85de273fab792da392fdb315929d27c0738

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
42ff3aac3caad119ab9762c25cc31f97

SHA1
e09dfbfd4b0c4da8c67a65931fd868a8322ce13a

SHA256
110312c16d73a543304c6e77346f770bdf64955637721db6e23ecbf3d66499d5

SHA512
9c060b4d8864f5ee4e7c92e95b030d70da05b41d76832ade6392a8d3ef0c8fda0a88c143ab9b6fcee495e863d15ad004c3a620aa3ccf67da217f018c6e661fb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
84fa267f4d8deda8caa1db88a22ee0a9

SHA1
90eb1f194fd4a9e98214c1dd36ad53dc34a08beb

SHA256
86d3ec9c42c654eaf33da5b7870a74af75140d7e8559e22831a8fb529ab4fc74

SHA512
6955d7e911c561bee3a177f3839d6ef6fffd514f8e028a63278e4d09b06cbba294fccaf45d268f584e673ae17a2b48ef9f41f74379295c62e9b3c882aa86d2c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
247d24b326ab78917bbeb94872255160

SHA1
a6a2a8a31b08f46e6cf0ffc777fabe5b3df6ba2d

SHA256
f6e563d3d5d861b796d9197f7f264cae6f6ef03e645c8dd158e5e6c9dfde0bd6

SHA512
69efefe1bf8a5d769ad4f6f5debd7797111e58da1d3f8deaec9815c9010cdcfebad1cc174df86f18aff02bacf6c8201efcfacff7899b1c6a737486faf13894c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d6074c95bd9c6b60ef75c1efb7d665ec

SHA1
3692ff27a184e6973838bf773f89be671e73645d

SHA256
e1a286ca65a9c4c0c1a47b7cf125ede95fdb2e51237f38887c4d3b8a7e799784

SHA512
938810efcb4ab27c809f3b52b4924dc1d758ce9b8aa08ed4d22ec845d816df549026049ae5b915a5c9e1bd6d6d4160b12965200d897dacd0a82c91169f89f74a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0f0489a58e79b4b6387473e21dacdf2e

SHA1
6d1c7788efc3322b5b600ab11c444aac97b28453

SHA256
3735f3a5e291ca89ffba61c4c45c34f833d2bad9366ee83eaca7851d63402127

SHA512
4d2ef76c54e3d0eaa6a1c8f9cac38440fe5d0d50af9a316db077573619efd5a51634194d951c0f739f7a338447242a0ba9140c993e584a295ccd67808f5e663e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5c8d97ca4bdad416fc584729482a72c3

SHA1
c674b9b5e1c2ce55132174f8908d3ebde8b60c4b

SHA256
db30e8e43d4262307c324f78bfdbaf7adbf031719380d8a262533f526790a732

SHA512
9c79b09818eca08ed85948beba81af218d03c004e477f4895f646b4a530c0b663e5a4e51fd7823ec015b10a91a8d080529fb979a18e735b541f60d03d23f5652

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a86187c581f605951cf7f2b366825864

SHA1
568955bc055941f8cddd9e0fde98e009d8ac9ff3

SHA256
4d14066b47a58e17874c4703d10c5d3c440ca32ef1a9cf0830b7b60d446eb749

SHA512
a52948c2ecb4a79a4bb474fcae5f8d330972f0b9687e5c9dd26fec9afb2b15ccbf9ab1bd4db09accb90f535f4af3422279ce84389856720a14726e24c4a93de7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b58b1ef9194348365214b511dac7594c

SHA1
82ca6c32408c1706ceb733695dae1550376781cd

SHA256
6956b01b5c6863a116badc25840440a6d4a762961c8e77bb7339f06340ddf4fc

SHA512
ecf3cab4e3bb07cb5c16071a938aa1cc19af9997212518a10864bd4d883ed2a40562def389bfbe76166fc8d7014553538c81e12750cd6fbfdaf3af25bca12831

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
72B

MD5
4fd1aca21c5f6ffb86cbf24ef95e06b3

SHA1
1e2ca116ce695a03e2a8f098b7d170c622089810

SHA256
5aacfb32884df84703b169bc8ca798f3313c4b85378745b14ceef6bc84916621

SHA512
2ddb4ef4f303c2e1ae8b0e2bff53b78417e3e27cc09a4d4d69f5833428efa6e319f7dae174a9b4765dd3bb871e8d0e44e15cfe78e2a73775e29cb0dd2cc8da4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5794dd.TMP

Filesize
48B

MD5
8c04b711d39068bb10383ac3db52bc10

SHA1
68099711ebe15ba61e0075109b36269628a5146b

SHA256
27a5f2b0c73f0dc0ff68ab17c7a07bd7e8a41770570761105bb835f713cdaec8

SHA512
ca2a7fc51cc34b3e06c50a7a4d8acd0b09c6168739e78830b1c66daf52758d428e13306e588933eb2a49de941c9f499689adc73572ad956ab6b13c0a51d1fa2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
fa150ddc9de7468b581524fd044d5f90

SHA1
0f92cd610dbfedafef5ac648ee961602e5256589

SHA256
758585540924ab4d488124c84400b81dd93231a87f83c0f64ffbbc37ac27d39c

SHA512
dcc56dd60f9ed0c2cca1fa281712c24f1b78257b73ed4baecc586ef02bc1efb875302fb7e5b1b41f99b4cc7a25c84695ab7b2d5c84ea1e74d622def24d13a2c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
95KB

MD5
22d22df6676dc1558c880bc58e3d4af3

SHA1
6c03295b73d490284d56e80a98e30431e05f1cd1

SHA256
ccda2eb51ec28ae0d3aea893011c82fcf01c2329757541d5c46e833f5c50c3fb

SHA512
eaec4b02de0ac3d6038b8579f58b03aaf436b743cbd6e430e36adf2b4a34752fb606ab747f1eb7864be0f43b34458aad451708b4cbd4a7b47f39a3fa5e058bec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
131f4aac8caf820ee37b2d2ff138728e

SHA1
6efc1e16bcb35980c009c553d63f0da9169a0d27

SHA256
faceac41a23b6672a5256bedd657f8146b611c6be4476b25745539f2a6dac37b

SHA512
2e85a282b7b9254f04bf63295cb70f97057b09faf26b30aee25c0f43631a9bdcbab4082ba94e6552165389b48b05ea428fa1f0ab378281dd56d58c400ef8742f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
20d7ea309fa0397bae1497f1b744ab55

SHA1
67caa910ffd3b48e3d860868bd80a53c59cbde16

SHA256
34160e25d36b525580f77233f0a84514d0bac4a70963313ab8222118d1e1313c

SHA512
1f36d02f08d049376da51069f95d3796504b9ac53a2db38d4d02e7a975005cfce596db515e6edb94ef3564bb05b47212c183809163990176abe342e6672ccce8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
30eac79781f9a9b63c730e7f38d88278

SHA1
e517453eb5222d0d18d7f4adf63af0a98e3b190d

SHA256
94944e9d721b12004542954a5dcee9dbd96b40e1e293662ee45095ac47613f11

SHA512
415c8b7b5847357c26d41f7204ec97330bbbc20feea6d0dbc245d81d94176b95ac10c29c8ea17cd1dee5acf711b792d04e7a6ff728051cb76629baaf6397645a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
d2419324d2cded58ff88c31bfc0311c1

SHA1
ac0eec1f8337eb527c5dfcf84e11b6a3cc26bd58

SHA256
40f449b28d564a4dab38a8bbfcc21150aa0066fc5c4d7f8847b61c0141e99759

SHA512
1b4ff85894a81da54853778c8ce256c54825702fc627cfddd0867052597be3ec6b5f27414d41b751b59931d4a3c75624628e235e1f82969bc4354f0271e8b653

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
46bf078542af17d1a2764a559d413a69

SHA1
90c281a56afe8f4145b7d368b83dfa745207ea1a

SHA256
201909c50eb99af822432e37597ed4edd2c6881c36fbebdf6e0494dc69e462f6

SHA512
cbcfef59daf9bb9674593635118764c9574e6b42cbf4797f1436988f5dc533b5dbd0403a9f61addaf7e5c6f163e6139b69e3144caf62bc7bec86dfdc433d0dff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
5f4c933102a824f41e258078e34165a7

SHA1
d2f9e997b2465d3ae7d91dad8d99b77a2332b6ee

SHA256
d69b7d84970cb04cd069299fd8aa9cef8394999588bead979104dc3cb743b4f2

SHA512
a7556b2be1a69dbc1f7ff4c1c25581a28cb885c7e1116632c535fee5facaa99067bcead8f02499980f1d999810157d0fc2f9e45c200dee7d379907ef98a6f034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
8272581d8cb38484cc8cb6afbdd0d37e

SHA1
2baa96a0439003aabaad1ce5619ea0a581cf261a

SHA256
025356bf819ea8a5da44ac2c4510bc380a9448247a30665577430ca7a44ca297

SHA512
60574186c595b0018d9223afd38e59378b1b00ef4f39be17ef2d7613cdac5b8f9e6dc3f2efefd559a0e4e8d64884d6ea155e874df13f170bb6dfbb41a0104959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
d89428ca1e88081319df89934e011260

SHA1
8d5223c8a3f5ede82f2034a65891c39071114b9a

SHA256
9789d3575c738a4a23d5de751eb21db2647a8f7c1c3cc66c400f1ea2b5230cdb

SHA512
8a1d8a4c312cb85afe805d2b73c9212717de27d2ae2de2c41a3dda0cf8dea82aec6de31679d8b0d3899abbd22e3baf3613450796f0869bdbd5ef6cbbcafa54fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
e6bcda037f19de5fb94bbd3a557e4d6d

SHA1
cd3fa9b77bf5fdfba2f96ffbbdf2218e31b8e8c5

SHA256
f910404aaae19de05ac13a54580c96895735504d6dafe12f2a28471d2a687539

SHA512
2c1889915db703cd691b99152c90a996f2832fb1ec44dbd6ecdd053ff5be5065a1704ec30fa95e997eb6deb03db5797e4e5a027ef0420002a1829ffa9b17261a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000007.log

Filesize
21KB

MD5
119cb88315a529b24df43fdd1591bab3

SHA1
67bb14c2919903ae9d7fa9fef89b00f66182b0a8

SHA256
2c641cecf0752c1304c8635347bc33af057dea6387bbd25104034c5e9488c681

SHA512
ab22c7b8faedf4a68f2794eb0b0c0305f936dcde32729eda147ab693772b01515e2fc912d9f78a07da496fe2125264f66010771f24b90f47647e3729d35b5783

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
334B

MD5
3fbacbfdee7bd191019a943321ed3ef5

SHA1
3277b8f54bd3d8eca5344710518ffa7cc305449c

SHA256
6a88877274c46992bbeeedeff334094f4e74827c36193fa14664483ba499ad24

SHA512
82129d33100b9217fce418238185ba98f45d7ed121640907c8bd5ebb65408d531097577a6482d506f67fb39fad2192924d03495bde83907c5fa33f092a90137a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
357B

MD5
0ca1ef29617b352c8f3091c9d6f47f94

SHA1
335163653179b3f3813242e91e1f0bbf8aa9a878

SHA256
c63e278e7d4e74b6a56d015be9e2f68a38e353c5f49f1a3aaec7811f8c79c041

SHA512
96ccb652ed84a98203fcc768f96734bddae16ae28b3b4bf70375414a723761ec59a70fed4ef4faa0a15d8f0bb03eb9eccd22508498f0769d54d5d4ced44aec83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
331B

MD5
cda703f97805dda74d3af269ab53263d

SHA1
d2c3954ad42826c028b38115387d1f990ce5a198

SHA256
65dfde3d73b09c84cd8996874b949e3e405f0fee8092dab1ac2f87f5e43fa0d1

SHA512
0e552b808701cfda11b6c6731928730241e1cd5d5bfac7c5d6b9ea16ba3185a53312cdf0773f7fb11581e269facf4a8c6094f7067d3ef327c068cfd9fa391f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001

Filesize
268B

MD5
ae52241cbffb1512930b58c8f22337a1

SHA1
6d563b44bfc56bcd0cde64a36c255f68743f67ba

SHA256
a71ba1d58219c864cca7fe8763a5ea3fbdadaa4696aae3510da0b62c7b1182bc

SHA512
3155628adde16553809f89865c52fbad832f9eb05db45fa134b6e6d8fda44d4be3ee67fdd1ad7491a670e0ecdaa5023f9ffd9177904df7673be8283c0aa4f955

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000098

Filesize
62KB

MD5
ffec83ce432abb07e3fe6523a170ea99

SHA1
91bf7bd117cedc629c14e89a5a5709cb56e92e46

SHA256
f39aa32a22609489457cdc546cf9671f9ec5f5bf667cb78e9ed16e7a520ca991

SHA512
2bcbfa7fe70331bd8359972fb26fbeb7b993a621048a2c7cad3ac4175757f134333f67d2865ff6625791f91b4473e7f8c264fe23693715aa9ed93d326a809e94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009c

Filesize
20KB

MD5
4b24739c5ce349f1148058c3fddc0237

SHA1
2adabee4da418cfe0263b2f6177eae8377f353d5

SHA256
1690d4123a016bde38123230c6dea716d9f6f8d9bd6d78d4bc02204a5765f4f2

SHA512
4fdabe9a33d0b1f2a1d1cdea42ddca9198158b7f2c2b333908ee30e2787ffcde58fee5bdea456702e3fb5209daf3e19028a14c6eadb0ca94668a7ed1e866d255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e93c28037000ee0bae2f02b1b832d26f

SHA1
0044866a78fb0d8261456d4a4a1514d95e0cd15e

SHA256
14428d01a334ba4913843383e03b1e92d0b472264f61f357fb5be71ac3e291e7

SHA512
29a67e1998e4976694a3d31439014fc8cca6c72b95edcde04a070a892959158ebe657168444586f0ff13a37320ff43f6cedc225a0a309e37841c8590cbc5ae67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
1360931a057d9041f426ff17510457e8

SHA1
3059ac7d8267cf7e5afc9c099af63098b5990e68

SHA256
9bc93579d24b4a40d0c8a5b6aec3ad91b49e0f51ac831ef804b21efdedabcf26

SHA512
c973a9330fca5bdc2727b982fe2ee4ff55e8d694325e9391cd99ee6a930718c5cc532fd4777693e20acad89428b948e482fc6d629f2db40014fab494850e77a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
33d635f2d2c73e8b2d635710cdae1c4b

SHA1
0d99d97eb2d7ca0ca1571054f7f741174e8f71ea

SHA256
9c577a3449f8a747487c0c6664125d03d24f7405432a30f441cab158b4b19601

SHA512
90cadb6731395583e7d0af27f699116d4e9299db6c8c8652647df920d78370f2caa5f92f5d05cc681c0fd005605babcb9d0a1659327daa60d514a7d4d6495b47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
83c437b6d080311637aa81023d782580

SHA1
d24cc5224ec189f84dc596334434694b4be422a6

SHA256
524a953bf91e319b8b3db3c1211cb28dd0f7c252f9e8837846f3ae753cae1251

SHA512
0474b3820b93ac19e6ff0d40f8878432775c86aaad7ae0fb692e2c825721640478c8c84165acf7202f61ff786a183233ba91a12fa9455a258f86adebd958f576

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e119fbb0eeb159ca2bdb18465792cfab

SHA1
fce8d4acef66f6603509b0981f4a61591c2ca1cb

SHA256
b130d3c71ef7893c039de70cf7b5144108a76e209bebee9d4a4a9d2e7ee8d0bd

SHA512
e677d6f672d767205ce3a5aff561d5721ea207a0c509b79a13564c0ca5ac165125bc496296f4842104fc25fb6e4940a3250b45b5953dc2f064d05765215c1d8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
1923dfb7d1baf7ac49bb302fe2de3427

SHA1
683d4166fffbab4925018f0c47ca293b0f8ebbfd

SHA256
4e724d32ba77aba91704764889536b96628d84d05f508c0538cc5992dde674d6

SHA512
8f6d21ac4933f052527aa28785a00aa0a9792efa325aaddfae6146bcfb6cc9586d3326319d882d93010766f71d3f89d049c07e376cdccc507ac809f76e4ac9c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
39eee16c06ea2ea2b8193b894dc91402

SHA1
7afde2ce413b1c43df611a6b28446623b7c01957

SHA256
6ddaaa109da3dcd9bcf41d1a75cd1ed2813462e9b897b99f9fdf548efa8253bd

SHA512
81be438026c35bd0f4f986c9492705231663d35a7753a455867e2d2c37974fd64cefa32f9d05cec14056a820e9f049f27775340decc1f8cbefefd029e0e246ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e2004130b0ce52a930c075d1008e22ef

SHA1
8b7961e4976820ba833f7ab0f9dc98763f211235

SHA256
5c80450953797680acb2d3ba4aa166db06e622b6ad80ebc40f1a1e666159e946

SHA512
c74ae731ca8d4677c00e28b3dd542d2f496264fc4fe0fca7d04a7ccdd74d19ac776359d76667a783f73aadb4b5391316cf53f3cb070b79ba81cae7cb7b6c844d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
18287292abf6c5a6b2c020af0be63b63

SHA1
7a750e21060330dc0ab0dbdec2391eeb9b165669

SHA256
ddbfd3970d88ea1eb48670bd15adfcb0cd3a2ff293d2d6315d98c75f0b44ea11

SHA512
d461b179d0cc37a007f60cb1ecbf1f2c7ae78b30844ffa9b682b16cd17fc09622553effd97067907ab5f543a332b9c96c67ba002a602f0395ea554ba16b7e773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
916078b4fe9ffbba1c0b9312cebed102

SHA1
36f4d91e07474348dcb2b38a136f6c539ffc48fa

SHA256
b2c82ffac9b870b3a4ba32db6cae9520ec13403494826739beb15f6b60dfdf92

SHA512
c7f5d5ae901a767482e58bb8614c164a9d799c9a26795d9f849c2b4d9afdf2a9aba9872598c35299b9a7cf75792b48cb43f9d66d86a9d3d29f614a12312cd4ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6d9aaffdea1498f55a41cbb81d7871b7

SHA1
cb898ba45bbd8d8a244c1fca5544f632afbab172

SHA256
ba9af5f817ba0534d5fcad1e2250ffac90f37774fbad25de905c6799aa39c9a9

SHA512
8d077a2a448408865e12b17254f04e51fc30c866af0ad02cc23b9b45bf31aa9bf8ff96d6da7c622399270b09fad53b3ccca88b1bb9484edf606935bc12f72ece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
10ba96b0070db76bd58347ee317f28d7

SHA1
a36a5a29201b1f76b456e6f112369d8590b0fa1e

SHA256
547718cca55ed3ce1eb0d3e144f43d8a0cf560d1aeb81de85babfcb50c39da49

SHA512
18d63fb3b336605b6a7dcedbec29a70a55e1ea5bcd6e1d019232eb57c9dd96529867624a317b4f465a851a90e899fd82ed117e19da79b06e12222983d47070d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6539953e3c823d93b2bbb0eddcdfff1d

SHA1
f36e20ddcd3eee61d5ece4dc4f784dfc1080840b

SHA256
98ff49c18a2e3e6280c9d17b2c5e3b0447b57250114861b4dbbc78268f3f0f65

SHA512
8452a8f3594f111205671e3468f8b2dd4c8b5eec84db47149780a80e90e7a95cff280fe6a8b2322462717e87e3682be9ee76da6196be559f0c6dbcc80d9fde24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
927ce0e4bbfc5f60eabe709568eb9098

SHA1
0a509f21fa9e5c4c36b092b1d776f732db3bee8c

SHA256
56218b60da7a3f69a884d0d9460cedc91e3aa0269911d82af3961ee7f248f1fe

SHA512
bfc52876a5d6f49f19c5b2a599992921d35fcfd4a2053459603b2ba87b21278dfa99c362a46a7786f024de54375bc7e6d30c80b2c0cd66eee53308647be6ae81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log

Filesize
236KB

MD5
9d2a31c764bc37ceda66fb96060143e8

SHA1
c99927375901fd080b3562d603c72566265edac3

SHA256
3722f76f6c1f9e79de1b28aceb34e64de49350abf067e64daf6bf0f9af2ca344

SHA512
94bc1eeb21940201eebce36f00283be6d2bb241a62054c6d967e758b8245e3fda8edf36036defdd04cd98887b2b19dde2c082467d2e0cb7182d3160a5575ca2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG

Filesize
351B

MD5
37a0c4a593d0bf00ea63e9a36bee821f

SHA1
9476c935817317498b070346480e3cc59abc7714

SHA256
092f74ab9fbd88df005b1bed6b807ccbf8f64ba9f0a3793be6c05767f7ef4dea

SHA512
45e8629dfd07a5e2bbcb3e53ea1522345f29d9d6e0f151de0438a8ea9ebdebf38cbc140af8ae80cf502e0300f6db719205fca28a7a4e3897a620e4e3634fe896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG

Filesize
394B

MD5
e5565c39a15c89c6dac8f9bd342b27ad

SHA1
5e486c3d1c6febc9da60bd9e481d08977296489d

SHA256
6bbb7f3953cf36b6bc02aaba5c31ecaa3a144c7abd2121971b0e396ae3a84aea

SHA512
ba80968e4f9cdf80032170ca71686503a3b0c2f646b0033767bfbbfe960c67d0d12b04987f9db78db25da7a8cc5957c7a29f13e4ab4f09ad4c5c1ad69c48b8d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG

Filesize
391B

MD5
f6886d0739e681f2da41476985ec99d8

SHA1
d09af0de3d94fb49f34f5d655c52fd10c92bb5d4

SHA256
049d013337a95ab7a22735c3dc9c94ed8059d371af6391ca443ae97b340db582

SHA512
96fa6dfa9521fdbfc56fd31eab45fe357c0e1061353fc402e49dda121c6f8e5da0c5ec82e299e986999183d6e6289e384313cca7f060068d3b95c09d4dc540b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\4b8e91e8-badb-4c63-8819-cdbaaab25e36.tmp

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
575f20a5c0d66a6b651314c39cfe2df3

SHA1
bb02512ff44488ecc321278e81c3d798b45db3e9

SHA256
fa5057dd44ca486368f24cbf193bfdd5c4fadb54c22ab05f7ca19d4448758381

SHA512
cda79d08daadc9fca556f733b6bdce857b43181fae1fcc1f0852fed517676149e64e0bbb47515a2e70a77428a387cdfb946411937c92ca6fca58936ef6d9e051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
33565bf329567be77624cb51f67e03f4

SHA1
961657e83dc90c7985c822b907a6e72ac355a18c

SHA256
be34f700bdd25fa628fe29fb9d78c2e7f8a6795e66a4f8b1097a6808bebc91d6

SHA512
f45f28aaa0fa1c3ba69789270df7b0be3407f4913384b5f672596c47420ec696f6cb9041ca2c14ea6c4d3ff8c787c51a887c6ed6415a364f2bf3553bac864463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
314658d5baaddb8894350ec7d1788525

SHA1
fcf518298f24d7373e63e4b459a7e8e92da928f2

SHA256
6a67ed6320a077d4ebcc51831a08021dcdc3891ef64889d17029811432971bd0

SHA512
ed8bc4265fbf99cf286ccf0243e97a72a57ae3bced7d769f9154c4b8c828a872ff3c4918f50abe6415a896c076326191f66599a40a3a91de9de233f5809e3377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
18KB

MD5
4fff0968856f4c3946d265cd42dfe993

SHA1
8a382bf4192d1ee155b63ae0541449d2a194c559

SHA256
1fa7739a93c2ad20d2c4924f0b41c78a91394ed7f239550c9b3152d4ca72d227

SHA512
876e0b86eea30bdcfbb38776734a1359b36c7160b4fc7ea5ce7b32aacfcc81e17f6cf7c482a29a00fe19114a1ee58c54a097a9ef22d7d5b0606f9b89791f508d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
19KB

MD5
e3705e6d71b3b0c7ae385f41f4e98279

SHA1
33c926977903ae5310e7c7d13a5653707e1d123a

SHA256
8f3625ef6c2b088911614b54cf6b185285a83870e203a70ce4e3e06a21dd2f8a

SHA512
375c1a92e77467ed75550ea8c800240e31ea3827a145260c70cd920c5879dedf9005d1b34b563b6125aa17f171f3a094433c2f63d040024252cedc5385e73e09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
bd39212f36c82c71e6a90ef369c703be

SHA1
d6e08de679946e085b7706fb0f525e025db102ee

SHA256
ee402fe7aea86283ead96e9ac32eb5b99e0a8621d618a81d91b6bcbf1cf25444

SHA512
277b481d6b709601c2cbe07540477a2c2d84234942e2138c111d093bc2bc4071d8edcc8ea770bf51f32344db65dca4619f1d1015ea9248cfbb6be956377c8cf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
4ddce247fec66f7376e33946470d817c

SHA1
242ae6a68ad2b0042114e41aca0480f062563964

SHA256
56b250ef28d3580d3bc5abfbf13a4042d8a6043bb345c7293b2145678c0b7cd8

SHA512
dba54fc0a51361c7f1b68944458ee3bf16edf4266b3336038beaa35ed5a305ca47de6e1a3730f5119118bd88d238a24e564f611f074732f093ea5e6402c3bc8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
64c864e4c3b339ad84431bb2d14a2171

SHA1
afaab3668351b2ebb0273088dc741fe7c334c970

SHA256
fa5c9471eb16dd5534711884f3c469c82244d28e297594eb8ab6b04a2fa7748c

SHA512
89f1ece584ed72c595d569687a035802d93b1e5608f5e965affb0ef238f5dac5efee96f8414ccdb2dfd82b01e099eef152874fc73e5b9e11d41a9e8ff53e2a08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
19KB

MD5
2eec98afc9bd9e511a07dea3b21a8a5a

SHA1
f0b473e7626d847612deee3a53b213d07c4e0db0

SHA256
66e953f487c7ae06413007d787367a289947b2531f1a321e8746a7d074513dca

SHA512
196001d15d96baa347569f5290398150f6b530defd004f77669a04333b2e0c2619b554d4ac7a7a26b80f0fe542cbe08fe8d694fca0cf0216ef5efce06b3c3666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
fa17d4db7b66b5deacf462daa78b7922

SHA1
4e5d7520ee6f82646cbc8f52c1e010464006c9d6

SHA256
67b26114f6c65c8197b70e4cc67fe7502565710e95141846e55df3fe5201c8bd

SHA512
08bedd79ee0d2221bc01fdc934bad0d32b3e0c93b79fadfdd4d77f53b237e98145eb9e1512c209f80f1ed05c5cd5b5289c756b4124323202bb743c508cd901d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
416KB

MD5
d9c31ae532ae7b2a77590b2881128c81

SHA1
12cb3128d675d933948af6015cebc084c4e58307

SHA256
760d59c84276b4c85ab43a29d1efe681a7c75d2ff643c802c637108c67ea8a91

SHA512
6081202e511530009b6fa1c177d4ba9e33a0583afe15577ab9aa6f9efa6b25b10efc435d9906842d6fbc5e0a91e46922b14bfb90de4bcfa5c2fdc7820d253334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
417KB

MD5
8ba05116df8eb0da4fda698df6671745

SHA1
bb0d32585dba869622e02365c0e1cfe3a9cfb786

SHA256
41a8da0e76f5684509e66107d9cb8c232014770bc175cf33c289029ddcd1f84a

SHA512
d69dbc3f7800d5c1616fd91fa3f1f65c1feb5e66324ceb47a8dde8ffdf899d86942da15bf15d428895dd939d8466236345e6466714a427de9d8740314cc38d8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
a9fe64d563750736dce0284116f65b35

SHA1
ee03a4e5693d39e0f39256be7ef60ed56370a189

SHA256
12cfc2497d621bd2284f5c1e92671871f4e7abca40a7450a1778f629ba30757f

SHA512
3e54eebbdf0d80246912d32d99ec64a6bc4b4426b59350481b98161c7eb8f46a5e51bb328c171815093022ce01400d58bd1905d3ef2af2389e0c39e7b0248b9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
d383d2db1bea1f07618e85e0f4b08424

SHA1
6018f3b81e49a9da52b4e4fecb6960899fbe177b

SHA256
aa7cd0e4a267eadafa21143726478f3d85c8b6aa8e2401b01a1fdb9da0d5a831

SHA512
274667d8e0952029239a08549a8dae16c73366bcd9df6797d3f8769cb8a3873b449351c9186220bfefb283cb4e39e94854aca1d95b83926ac3fdaa012fab6f7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
416KB

MD5
1ce1e49edc4d77d63fd6bec48fcfc707

SHA1
1a6290109ed1eb9152c8d71029c775f36c54a617

SHA256
8265b1e43f131ed8010318d3bd3a95da32e680c74d6c692a2bc6ae483cb632d8

SHA512
886baa04e95063dc556060af064f717f8e9e5bbd752f87d9e95aa8220fd6d5b7a0c662c9757bbe22e5f44a7b0b22b457133d7a9dcce5756b8e56e2d54149c042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
d221d63370231062f1dfe456323d3443

SHA1
18494525786a8e4c36064d2cfa3fa5a90eb96f41

SHA256
3a8435725dee3f92a773519a3e02beb64be63858ac7fc91a6af3882918549a80

SHA512
edced6b00a734c91c811525134f28a2f42a6a351b0158aabbb5fce6225d187dfb6e69cab60cf89852678290d53c2c67a53afbef356d71726fdd39431ccacd997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
37KB

MD5
a5dfa7266d86424e235cc7bdb8f9df15

SHA1
4ac6ea993df75681cf044f87458676eb91b012ec

SHA256
9752744e511396302859bfeb19ede5e6d8604d4446540ae270fa9d7ad2fad8e0

SHA512
432ed41216006f1d666b0d5b2feb7c28fb04669353a3a12f43494e6167cd8735787a33ed9db2fce3ebf8fd84c607cf2bcb2658d26865ca70a830223664b5214c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\46f51b44-2587-4ca1-90dc-02a06a8ce424\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8196a1ef-bd88-427f-a394-39283d8a1857\index-dir\the-real-index

Filesize
2KB

MD5
593da3fef30fe1fba8750000e3ea8faf

SHA1
74949098ca58995757ecb38c6df009f101573ffc

SHA256
70fbc1b684640f1de606c6de75348162b4c2ffccb3abc4a22d09f507fe4eefc0

SHA512
e7ad5cd4e182987894e1acae4bfeec359d753b9fa70e22bbbb2987eb19ce7eafdd1470a1c914226445a7f86c632f4359e00416f8fa49bf030ee601906251a94f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8196a1ef-bd88-427f-a394-39283d8a1857\index-dir\the-real-index

Filesize
2KB

MD5
3359d4987a4f1e42ffa055e9d146f3ad

SHA1
55fbd3fb5a6aac02d3c2930d3012941b92466aad

SHA256
532ed3f6b4af432e8205f51fb62367a7b585aaef596e042d1ee80399b93b780f

SHA512
658256308ee9b52938ada5f909a51531dcb1ac93a72e9f216ed4fe6d7cefa188d0853e0d74b3734ff8bd62930fb0f616074c572a64ec94dea38346f61fd765cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8196a1ef-bd88-427f-a394-39283d8a1857\index-dir\the-real-index~RFe601263.TMP

Filesize
48B

MD5
2e8c9377257968b12a5a15393bdad697

SHA1
14896413a2f08d7d3163b72f65d624782cbf887e

SHA256
55307348b9cd8b6d2a4f5cde89e7e9a6c68d4cdb62add63c5667e799ede02d0f

SHA512
db2ac78a9a5e270b25f315e0927c7f653bb28b09a7481d5210ce7ba50abcf005df17d654a5b5d1d183a19bad34a4df4c908485994421559f6222bc4b5ad6aef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
d2416a9d4fe4ed97c91bb24e98cc3356

SHA1
681603f04ebfa7aed519df34a699bccfd7675758

SHA256
30edc220866d2911797770a92f43b3e00004b2c371d5c46675849507c7a1f6b4

SHA512
369e2877d0fb6474b09830553ee16f36a43e1edb86e68c28ee312b8201c8ca48b7f25aca7a2dbeea4d05237d44456d6c46148ef8453b93092bf573ea8b3eeac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
193B

MD5
76bb1aad1d627ffff48ff8cf0aaa8017

SHA1
59ee4d3da7dcf83883a11a9f3344ffa819c504c3

SHA256
e3adc97f3cb254c9c36a0b3f608007ffd2822798546b61321bbf7260d8f64770

SHA512
6e412b63024a55229120f064150f9b3c3970650f3048a622c64500fa84886525738bdcb9146bc802825f47a858ac1580aa9d3369a31853c2b3cda2845f02a7a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
193B

MD5
8a643a283ff2aa125cfae76869a54524

SHA1
56aef11ae5e507c7e622ca4c78936e9233af0055

SHA256
984e336e3366dae2af637bbc42fbacf9d58d5eabd5486f9fe993392dd3d090ae

SHA512
8f1e5d34e45bd65fd13116a607dab39a5a55635f7320a764009afea2a7213ef93aaa25ef42fc1c236ce09d62d531be03c5e7b287377b585bdafe4dbe9b8d354e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
257B

MD5
202454ed8ae3c49dd679e2b51718a406

SHA1
cc032765283faa45b4975635f5a7e42079351785

SHA256
8257614a088b43626cfd1e85d9c733dccb9466e3057e3e86b9f8cd7c04677ab4

SHA512
ff82368bd6f779c04e5e31ff0148667ff189009f567f5cf238b4d6a2dc3d21ba3ca29eeb83a4fbc780795e1af6e67198b7b4971cc8d0d5fba753b655ccaa3753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
257B

MD5
6d42f247edd9ce675cde9a131b662a55

SHA1
d6553c45130362a2f18c83b7a34d680dbc12b0e3

SHA256
2d5e26c6515b0a9f71eb770afe14e85fd9d2ed2126c33e3fbb307bd49502daa5

SHA512
2cefd65067f541c163737deef15ac8c6ce590ca703554ea7e9c0fb634836cf8675342f015cdc7eb9206ea6b37b857f903319d54b9f628dad6800af675ab76ef8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
198B

MD5
9406cb444c0a7937841833bdb9c474cd

SHA1
e82777f4248f253aeef3aaba3a2563d95c675a13

SHA256
1d73f1e8f6781c268012ea1bf57e721be8017136654635521778e94735c5063e

SHA512
c93d94b48febe31abc4914f70c6c988297cf9feff0b606e98b7bfb2243f501b629caa644e91df6934350228fa54449382db38c06562f76f7db16e1be2ad73675

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
257B

MD5
20ff0ece7196a97dc66556d8d39e226a

SHA1
9a178c4e20dad3544f1caf6f3f85f47d61b07c4b

SHA256
f9d6d6c82bcb37bf7f6ebcc08724d1ae5bd69ffa54b59b3093b29970852879f7

SHA512
94f1b189bde7fb6627fe223ce06d55161f1d52f6b47c6638bd73e742dbc26f00634ba91a8c93885b77459374c028370e30eb57a1ea05ef1d5eb9e214be8245f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
4d20bcfe44d4ee227f0dfcbbe9438da4

SHA1
bc20eaa9c9b808a7c7a5cf56f545a0a8e0ca5f70

SHA256
df541e090de11cbdc9e80f1a8737b8e869bc3da32eadd3a5f65dc27fd572d0ea

SHA512
7e243c7191a22a80b1d27694a43c051eb41a83a15336693e1fb8019d1d2986a18ff60b22023252abb04cb7282f163e1f0573da2efa81b10b5a639919670b9029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe600a06.TMP

Filesize
119B

MD5
56c9ec134b1e1182eb1aed83a5d73bb5

SHA1
9d975280ae5473136969406fa4a1f8cfb04debc7

SHA256
0e3157e81299ba6e074e416243c6880585bcc701936b5a7a1590a6fd4430ea48

SHA512
bd795aeedfd82bec345cbea867b125dd093a452939ae6f04f802b4cf00f15fcdc12ec565b7cd587ef936cdbb7d780c2717f819440d11d608fe49b16d9d0b04ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\28dacc6d-8082-4aba-9cb9-067408b474cf\index-dir\the-real-index

Filesize
1KB

MD5
57744af49a29eb17a14e0eea29f217ed

SHA1
271dc2421e8a18c6716563a613883e3a5b3fe5af

SHA256
627053d1ec7e48d44ff3501518101f995669717b8cec37cb9a42322399194991

SHA512
01a74f866b384a5e0da6115af8339daeea8ae77cf997395d778d313413172b1d2e56b74f2eef9ae0439171c88aab3b15b38759cd65e7985e355b60dee9059466

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\28dacc6d-8082-4aba-9cb9-067408b474cf\index-dir\the-real-index~RFe61c737.TMP

Filesize
1KB

MD5
2d9f983fc0166f6e58cf6b892e134885

SHA1
3080b4110ba464f5885a7834b48cea7f3e730f90

SHA256
eb34b6661bde5454cc2821163fd4bbbe9b3d1162c3dcabde2a8b86c6a237bebf

SHA512
4f4aa483feb139dd40d92fd9dd2bf70dddf2dac1ac146ca72123e8b01b26252b7a127a2b0fba57d7c1ff436b6db4ae70b0bd962e54d98c27f170c1a4290e708f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
b4c84749c42eeb972deff7e9550cc96b

SHA1
025b15a622b3c84473e87f7e8e095a3917391455

SHA256
3874492b2b39c30599c255d72af241951a40885988140b07ef8281b93a2c4ee7

SHA512
57b5de8b2810526d4af8350fc8d543d0a9bafb9800b91bfbd7e28147011cddccea727b99339349eaaf2a99ad1848cff65ca99cebfb11d974f0a08583b9385beb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
31057f35ea56473cabb8fd3b66114e4a

SHA1
8680f6c4d1b2d911870d72a8c79fec1e3102a11e

SHA256
edd9a1b24dc1f8d94b41cb9e87c7b300fd026542c85f56cabc281ca01ef5b7bf

SHA512
b41b04e71d0878e8ce3319f4219b3051a2b5abd97640a26e114d0461ec1c2c2ba1bb234277fb570e5743b0627a1fe67f8bfd82285b8cf3dc9ff1642cac78a161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
127ad9246b948bc8a325d7bc7a295465

SHA1
2579b71e40d2f9881e52e0531f659d328cd0c1db

SHA256
c768eb4861ac125bc5c3e99592bf9bf7b4279524d490f8a282704eccc71d29df

SHA512
3497b7d9a8568e4f4e322805437852bfd8ed2a1913df467abefd901287337bc4511e6cd6cc53defeca85c2ef41c149cf216563c42586909561595479f193dee5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
e3fb49533076e0b2d384bdad486827d0

SHA1
c8a42f1b0b4cfc35ace80dad8303843d4c381799

SHA256
d78bc585af821f2afd0b894d2f3873d7986ac5d3fc266b1e7063a0f93d9f8bc3

SHA512
010694b80a1b190c707428620a5ada16c0ab7881f714eb0575e5c1510a755376424930a06478a6b615ba73f0e3aba2c19a81ee26aa5424050d2a6bf7e933b328

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
5196b9adafb8de988db2ceeb7b8104e9

SHA1
26e45fc4b895d137ff751752e7d7cfea2d0e6f80

SHA256
dff159be976dcaace9e898361417a71547b30b9f887ea0c14233e4ac77ce93c2

SHA512
1178ab13b4450e52614c74cb710fadd72beb67fc458a5084ffe81bb1eb3fbba2f7f547eccb73217427e8852a8b588508d688ee8da844487b7ac25f6a3202acbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe606025.TMP

Filesize
48B

MD5
81d91b7383bdefd7f3edb60f493cd8ff

SHA1
f1456e55c602df2d1ec6a487409c7a043ca8f5fb

SHA256
802463584a3374374834037611a2c2b4df90254e8c5ea9072a2cfecb7dcf0fc1

SHA512
6a753186991b24d811be4b6dea01a342da5509b401c37c5f2efead5ac319a7e042189b54e452103cd7f27ea8a547a687d1184bc6b23b6d3b3f268a636fb4d713

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
dbe828ce67820d33a6a156dc80bc362f

SHA1
babfa2574ee147722f540e274af3481bbf9b746d

SHA256
abee6f69b432194cad0df743462cb37ccfff9d3a24260752237bda80f0f3c6c1

SHA512
ae9a3bc18efc367799968ed36a7c1a9dc1006a3d17147a9b5e975da6b7650fee2a0ad788584b77d49777399af276330678744d3aab27e0f77e8c6cbfc60e6485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
9c604dd1688bc31c6ba2cb8c0e8ed14f

SHA1
6165107db13997c91413e144ceca80e923dc996d

SHA256
51ad31e4485f57f3df4548daf1c526f5e3da9eab733a086241b9b84de5dc9f00

SHA512
b2ae1a9822fcdfb6fda5dccfd361544aa8f2cdebe45bac3adc74d6db1024e7456f8e5c9fe42d20319afa6d3b7bb13728d01fdd548ccbd5f4a03a80ff46224f4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
f44e6efc6fb14a20483f8c11e19a65b9

SHA1
a360f18ffe1fe3afc9ecdc478ef3452820d502fb

SHA256
66195727b818b49b2d60e47c25468cf945cf83710be7a40506226838fec13abb

SHA512
ba2eecce8f1cda0a6a94560c0d8397fd91779b426bfa1048e1812a3b1176cff26e18e4c185899319fecd305345d9608e404c08261f759da9839052ee87c78a51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
351a9b971bb39a0f147895743127ae77

SHA1
560e6d6e3f7ced71890d5bff6abf46adc7e70a64

SHA256
e3ea0a8b1fdcdaae4f0360a36e34fd66b4f50d6263d5bc03e651f0be0eee7b00

SHA512
8b8fd2a73858f22afa14b2ff4b05abb27f9bcccfddfe7d691e6ad007636d2281b0df016fec39eac6721c34b14c4d2edb18af3106ccf4c228bfdaf99cbd486ce2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
462B

MD5
f0c8cfb3ffaa00f301599230f3fda707

SHA1
4a7f8c3fbe779ef7d78895a546b22769eccec805

SHA256
3a47c2e20d1904cb405c4b1aa77fedc7a9f5ad26f41660096f9653a259da2358

SHA512
db60be4fba28561506ee0010e678d968dcdcecea608852ece1af037c06551a9ba5dd69e1a30372d021cbb08e779963fe000d353ecca7a2404d36dc298af83eb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.31.0\edge_checkout_page_validator.js

Filesize
1.1MB

MD5
0e3ea2aa2bc4484c8aebb7e348d8e680

SHA1
55f802e1a00a6988236882ae02f455648ab54114

SHA256
25ffb085e470aa7214bf40777794de05bf2bb53254244a4c3a3025f40ce4cef7

SHA512
45b31d42be032766f5c275568723a170bb6bbf522f123a5fdc47e0c6f76933d2d3e14487668e772488847096c5e6a1f33920f1ee97bc586319a9005bacd65428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-checkout-eligible-sites.json

Filesize
23KB

MD5
16d41ebc643fd34addf3704a3be1acdd

SHA1
b7fadc8afa56fbf4026b8c176112632c63be58a0

SHA256
b962497993e2cd24039474bc84be430f8f6e6ab0f52010e90351dc3ff259336c

SHA512
8d58aa30613a2376ccc729278d166a9b3ec87eca95544b9dec1ee9300e7dd987326ea42d05dca3f1cc08186685f2fdaf53c24fd2b756c1ed9f2b46436689dc74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-notification-config.json

Filesize
804B

MD5
4cdefd9eb040c2755db20aa8ea5ee8f7

SHA1
f649fcd1c12c26fb90906c4c2ec0a9127af275f4

SHA256
bb26ce6fe9416918e9f92fcc4a6fe8a641eceea54985356637991cf6d768f9fd

SHA512
7e23b91eab88c472eec664f7254c5513fc5de78e2e0151b0bcc86c3cd0bf2cb5d8bb0345d27afdd9f8fcb10be96feaa753f09e301fa92b8d76f4300600577209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-stable.json

Filesize
81KB

MD5
2e7d07dadfdac9adcabe5600fe21e3be

SHA1
d4601f65c6aa995132f4fce7b3854add5e7996a7

SHA256
56090563e8867339f38c025eafb152ffe40b9cfa53f2560c6f8d455511a2346a

SHA512
5cd1c818253e75cc02fccec46aeb34aeff95ea202aa48d4de527f4558c00e69e4cfd74d5cacfcf1bcd705fe6ff5287a74612ee69b5cc75f9428acfbdb4010593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-tokenization-config.json

Filesize
34KB

MD5
ae3bd0f89f8a8cdeb1ea6eea1636cbdd

SHA1
1801bc211e260ba8f8099727ea820ecf636c684a

SHA256
0088d5ebd8360ad66bd7bcc80b9754939775d4118cb7605fc1f514c707f0e20d

SHA512
69aff97091813d9d400bb332426c36e6b133a4b571b521e8fb6ad1a2b8124a3c5da8f3a9c52b8840152cf7adbd2ac653102aa2210632aa64b129cf7704d5b4fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
62KB

MD5
8bf41ecdbdf74ce561e50725f9291b58

SHA1
94589ab2490aab93a966f691e2e04782622c3992

SHA256
9cf2872596e131843aeafde336285229dd76072a584bbb251eae4fad15b8e51e

SHA512
c8c4299c9009abd4f03c629c034a23aaf967f770f39077d7366893fd06eb65624822ff0e2a5a5898802cebc8c2d2afd4cb949e530d43b1af6a41c1cce4b560f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
1ebcb4cb245a44a3bb7c787b8ff5ceed

SHA1
05055698d6e5e435c13296b6e9ddd7c4af3cb75c

SHA256
80cca943decb5f61f6dd721b7ecbeb1df76bcafb967420d8464648c631bd2bcc

SHA512
93bb7e9bfd0351200d96252218cd3f54244dcc25247f6ac0e09700a73182a1ee97cb4cf3e11b59813decf7e19325f299ec54bde533b7abd966c9b79c8af3c600

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
924a4650b23ccc4e3e4aa88f609693c2

SHA1
4359c05bede1964aa716635811536c5a78452fca

SHA256
f7ede6d11c6bbcd7b85a9558e2fba9684a9e4495755899779025911fc638cf7d

SHA512
80b6a0db3545972524356d443edcc92177d4b8a001a0029ad11dc8333e847f5dfcefda620982db8f57b9d63ac176992164a495bcba2ac0da174d5fd2b1cadbad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
afde2a79653382dd4ee77acdc4b2bf7b

SHA1
9b3fca22eb2181fab84263038f7579ce3538025e

SHA256
70a61e90d2beb5e0c64da6eb0a4eba249521dff565dfc35279e19b758087b699

SHA512
e0be9b441347590ca91c506fe3ceeedfa61fb559a9f5be2d754732c86408976ad7cdbfabf6fe6a108dc0569f08a8baa0dd8913486f0314a105ff65530c540b3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
c337217773d99baf74be35f5d0d27e8f

SHA1
81c4f4134872038a1cf51b6a05ead730919f373f

SHA256
aa8d74557046457c6c7b5caab7c20b19545407bb4216f48690c9fe5726e75631

SHA512
a8eb6a71a14a229875fb7ba307ee8bd5c43d0060d7ed6bb2dc4f1b8ed793c841daf7421a7df1a321ca49c00ee43222e2d0f7388bf53ff32b1f3cbe9cbd15f887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
71fbb7632076e6e0985ed11fc586159b

SHA1
cefa154c5daa3cdb1e8eb792014e72524a85bbf0

SHA256
93dcdcc75e8bc553d541b86496709f0bb530ff77a2c6c8f32e19679b17ac6af9

SHA512
aad6d22f3fdccb7cbe19bba42dcf327a3d3ec1d0ea8ef1db48aba7f9f2d6a9eb51842fc498959cf45c07f5bfcbb0f4ab832c59d64abe9c04e05be57d9a82da5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
c45a5a00b68b9061521b080704e8e5ef

SHA1
e111cc41a0a460dc06b5dcbb29cd624762f49e64

SHA256
a4ec7cec38ad87e6c65fbc18560a037b68e162be6babb23208c5c1f575ecb48f

SHA512
d2eaa801c0c43ca9b6e78cfe938c64102b98d5388ee009bacca36385c8568bd93aef444d4ddf778ccd30e1fbe0ffa76073a95ba35ef60ee9a91a126c23ff3d47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
421951546d5f05daf7e6272aaa9a6457

SHA1
8a4817316861cb629f0b1c7059ed24771085ee24

SHA256
cb53561a15a18445d7d53f1b7283c6241aa4a33964a9e5f9ac51818bebeb9377

SHA512
fd3d552b5f3dbf2723600fe2138f141d27175b7a98c30306b277c8b7fd6e567dfc3a887e3d04dd9ee6fcfb7b25c18372a89e7b8c86554e7bf1961d17892d6a35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
116320cdd788d8f364431c2d53518e69

SHA1
bc328d60c49ddaf8dc275883851cc943d096f5dc

SHA256
62f3f356885638811dda2483abb1b92ae33a2363381f0dde71c284b6eb91d55c

SHA512
52a8976ed4bcdded3362ccaa87db116a3add89823e717271f8a09ef38dd95b8f0ba81d4264c3dbe4b0db647be48fe05f2bb7a822d3326671bb0048c0aa91a794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
a71261fe57efb8d21d48138c3a888b27

SHA1
81af7e63778993dfeae7fdebc1aa9b3fffde7ee1

SHA256
bfc775e31773d7dc318405c4d42308be4836967e16a1d8c120b7cf1a759dcf02

SHA512
52eb9cace2404f059aaebf54871b83654736b46c2d8bf362e63b9cd00cb8cc0157262c6c20df9a0e1a6a523011e371bd423ce88809a8808b6c55cf4835f418a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
388f184b35a3990d48a1922b6df6b362

SHA1
f1c0ba69f349532b791d12c7b595e4b56809c9eb

SHA256
3d79ea742dc491701733a3010641c9e776772d25c6dd342dcf333e45adf949ca

SHA512
d0a44f9e0d0d88e671f0bee211dc003ae1f523dc69df38d909346ff0eec47ff465cbaca8d7f2e2e5b32b8d443098175b57055452e225c99b47923b1b4a81dea1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
e25275b5d2c4b96905bb63d81723b2c2

SHA1
1000e623022b192c28f44c9b37356296d370797b

SHA256
10041a95a46580a2b853b82c044e0e3e5343116ec37af1ae7d13bc2eb890d271

SHA512
9ed78187558bd6b6f6e3979e1f625bf9767dd1c2be6c86b60cea433a88e8580009a87abf53a7f057ab271ea9da200fb7136dd766bcb46b63502e8c7d4bb3b967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
b868b1666031372ccdbd42f2e3618bed

SHA1
7bb5aae9e1797e77d65629a49641fddf5055a64a

SHA256
a148322210f6f166dd364a2897e7374c38cc72718af6d9d3793171f740f0c732

SHA512
30d57aede1815f5e04f40f71e8392e8ccf261aa4591ecfa8419fc4e2a36b47a7950fa760f6ffb06fe21f3e6f09811ba42963584ed6e2c9fcdc5bc1d4838ffd2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
e9ba8128224a93f487f01f340ffa2455

SHA1
8b18137e122137c77c954c8406a9458ecc65983c

SHA256
594bafac92b65740104bef034fe805e9c75f6302bdbbe746e7bd33aae8504476

SHA512
3c5f3ad879e8a585c7e5b821c7c0816a1043336deae5aee3a135c23e4ce519eefe0494af6c274b29f2b5c3a920db82b015a8a18d2f3133b44e71f2f23945622d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
0e42f33231cc6a788f3ae74f80b70449

SHA1
42cce9df9e6ad5ac00e1114a0b86435b4b056190

SHA256
e90050ddd8c7fd03827e5ad66e8580c9a8b33302310b3b48bfdfc78eb2f11e3c

SHA512
a32abe9816a356a7e4cbc1d4c822b84df75f2035999983223e168e586105f82bbd981f8e959cb9670bc3f5630ed64ca41a7399d425f79c532d6bd65f5e55f3b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
65ab7f01ca6075b92b46931792ae98b5

SHA1
4320bc059fbcf94424251971d7d769def0f0a66f

SHA256
e0baecf4f05b7e1078e51743306ce4a9088a66543aa30da703cf940c1818dd15

SHA512
36e4bd4a524fee2cd5eee9181199aaeb2955458805dcf32768ee8d2e666576dbf0aa5252ac4a3a4907b600638cce931eab6f55b9b558c3b50bc8eb6907d2d0a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dc35fa5-ccef-4585-bb4d-462ef6670b70.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ub5mhz32.afj.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\CertificateRevocation\6498.2024.12.2\crl-set

Filesize
21KB

MD5
846feb52bd6829102a780ec0da74ab04

SHA1
dd98409b49f0cd1f9d0028962d7276860579fb54

SHA256
124b7eeba31f0e3d9b842a62f3441204beb13fade81da38b854aecba0e03a5b4

SHA512
c8759e675506ccc6aa9807798252c7e7c48a0ab31674609738617dc105cee38bce69d4d41d6b95e16731466880b386d35483cbeea6275773f7041ba6e305fae9

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
eac49c56a9bbba58245fda644556e55b

SHA1
cf808b66d446f57b36d322f66849ecd67741e0b5

SHA256
6fca1d2bd74043a8bbb5b72a0cc0efe17d115f632544e9bb1b01499cbf3430d7

SHA512
452740addaa1cb7c550fcc25966fb9c9b649eaca375ffa96d94c07fd28acc252de54cf01761b207d92792a5bc768e2273f5f2525c0c5a28d9aafc76b815c8346

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
bcd9d6e2b1a4db58cf946507f60533fe

SHA1
19b52fa843ed36ba016ac1f5a193d99b3420346a

SHA256
d219678547995e9a29476d7ff5d3f6ef1c775bb666dc9ab7ff384895851c1134

SHA512
b5ac183c5a605f282883c3ee870c875f6746e73d473239d3e2d690f00fc1a2990c4267029a1efe14c4aff807d3a10366b9a90002f0ee2f7c8d571674f4585268

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
e5ed5631d8420439037eb66f7c33fe44

SHA1
97d602de366c594d79b66cf9a04d26cff634a16c

SHA256
8f652a822fd74d7069eef7d7ace6ff5666c367817a678630bc5b5b4a063cf3fc

SHA512
9c44993c3fccd2cdbd58bb00817828c85740ea73384b9ff160d996d03739956d28a7431a6172aa1e25acc394225b91db4159669a28154e9d127b596f44087c67

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
88c3dc692d032248267569aeef7a2151

SHA1
6063d8916b235a50d3ee6376f38e73262919342e

SHA256
1314cd85dba4fff92bbbaff5e9ca1e171018062273579913332bf30870071365

SHA512
b2b2af04a3934df16409ef8b65b71f4d7ceddc9c6db6db937325290c75f9751b2c1f5f95d14b6ae873c5d94e01f0daeae28dcc9ed7d9b235584fe4f2fff706d4

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
7a8e7637ca8e21ba950168b2c4c9029f

SHA1
837e55e34ed9c809ca2d9ff3452140f478a090ab

SHA256
22b5b12f8c1ef9327adf6e2af198bbdbea9f2062f16ff052f35389866f6c4f99

SHA512
4ec00d212afdac736aa0985e2e92c4289ff808458f7539cf87de650ec6bf1d6739c6f7305a3f2da790a6d03caec35ff5888619f0cd3ba881d36a728408de28ac

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\Network\Network Persistent State

Filesize
427B

MD5
5b80b086cfcbf54b10a8f80f603a75ab

SHA1
11b4b8e0eff55626843a1320cc1a68bad53168b3

SHA256
b2d331443473da59b076d6e400d4b75e61cb157a92ef8b00db8647c0b36289b3

SHA512
fd03ef0e10b35ca9361f1c035f499d5c0487f76ca96bbb15af4ed48b64d4cdcb72f9c343e967e57057499266ad9097b0e939e6664878d47c11fb88687f41bde7

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\Network\Network Persistent State

Filesize
427B

MD5
3faed09eed1d5b0be61048168ca31d15

SHA1
81068480ed5aa00d2049cd9a7f23661ae0173b75

SHA256
dcacde58cb094aaa9c253d1d649435ea6248c76636ef89374a185cb54b299f54

SHA512
b9d3ecd8010ad360ae750ca91b034785cdc76637c43a209f69524330b794d28f6a55eb0edd4fd80c194c58f62a7a30a53e9060a65e7b9acb686499005d79aabf

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\Network\Network Persistent State

Filesize
396B

MD5
41c6555d6f450570f7c4d46ddf9bdf61

SHA1
495eaee95fca0047f871a3249a635a3843461e8c

SHA256
5ede2c416318a36bc8bbae743d5d10be80b6f94ca1235c56a9dc2164ac6654b7

SHA512
b1830f04900c0e11c8becbcf96967c1370bd1f59f7feafa9dce465875886fccd1f8b7141a1c211f0e99b7915c88c6a1d65038f8c3720153349a2f7c9b7750462

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\Network\Network Persistent State~RFe5b79e0.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\Network\TransportSecurity

Filesize
188B

MD5
e92ae875c401247bfda89c2a14b7b1bf

SHA1
c2aff5f9daaf8c6b34ecfb642a63b47463986a07

SHA256
c5478dd962546bda63175eed4810321ce9b509eebbe63872371ea0827a912d00

SHA512
313a7527b0e86ea03b0daeecaf77a2b21351031abde62b1f02bf8cf6e93324bd9e4d2183fcef9e9eea691078f461859987ead931412b8f11c2d0ec38fd824a1d

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\Network\TransportSecurity

Filesize
188B

MD5
fe512a6617337692986e0a3302dec25e

SHA1
c6926a0a63c7021af66f700f798c813f84183391

SHA256
4d292e0c6ef6c04bf445085c1e03143d3d28e7f0704e1f0c7208ed1d67691c3c

SHA512
415da6ef9ce5c0d797a761feb274f1ccfce81ae0c42703872deed392a29b0fb8161e47446057ba12a165cc1552f064106c67c0d9ca2ec29791d8d600570f2313

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\Network\TransportSecurity

Filesize
356B

MD5
142cace1b9cdbe7c8f13d38ee7c01677

SHA1
7880cfc9f92945ea5e5f0b07703c1b56e59298b6

SHA256
a8a6aa2334cd85c023aa60a2a532075480d795f92a8c72444b05245de7f68609

SHA512
aea9aad253f4c321cfb32f534b2c4e3eb807d4ebc8be4813291c036894340fa04c10062102d2856a95648fdaf9edfe606dadbd76e5a2fd05abfd6d96a040f1d3

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\Network\TransportSecurity~RFe5ca59e.TMP

Filesize
188B

MD5
6d62901a0f75bf8727ae66cfdd8872c9

SHA1
8a1c2b6f35527eb8b0ac41d6e57215887ec8f0a4

SHA256
73baa3e5cb1afb11968116a828615b1ab7839e8b053e9f470519a56068954f36

SHA512
6cd24f52d3767475e471b1ea8e937b1adf3c09195a230ba3c13bf9274e1df0ad612785d23ccef7249d5c293f2067ce4926e2323525c31e337a5587d8fa38cfe1

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\Preferences

Filesize
6KB

MD5
e803498139d3c6b49496bd8e573aa4bf

SHA1
4e9ebbd4a9f8f79b03e02d84f418996558529075

SHA256
533420183de047036dbce5daaa63b120be603ce09a4a7e40df88c7a0b37604f8

SHA512
e530a64b6ede1a5292a15724d5c4a732c629a7a0ea562d2d3e9f6a229853f1725181b2bc65e14156ee8346ce55dadad338e836e79ae0ed6c8c72fd5a800b555d

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\Preferences~RFe5aee68.TMP

Filesize
6KB

MD5
a67c0eb2b1376f7ed8c7ac65ba3fb52c

SHA1
5ae18cd5fd3032c19996cc2b5dc4580e71517d18

SHA256
30f9a61707fd2d12e81cbd5eb71cf48c5ccd053bc9e7daa9c8c5844ce14c537e

SHA512
2f057c8c6e17596ba61eb6327dc7c2de5465c8e631478434afdff24eb22f361cf6daf4f469a04b63c7efcd4b7b550eb7b4d38302e447bf0c1226a8d555a5c778

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Local State

Filesize
19KB

MD5
2ca917440d2016b645f7e04a9cc497cf

SHA1
f5a60c0cd83a6f602839523ebded121f1b8a86d6

SHA256
f10af6c2538d6e3b2fb7f3f1514a5a65313d4d15f10609052acd2900e58b0974

SHA512
3d05c1d7c39c454bb988b3b7110f2cefad49f08b85a1bee7ac1cb6511f454a63d6ff40593d4dc37efb5b4644fb5144cd612f97f14a09e59e1ce47bc5dc93ecf9

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Local State

Filesize
19KB

MD5
d760ee7d00b922af9ffb0b425d28ce52

SHA1
c688d5e8edc1aaddf81e59829dd92482937ee40f

SHA256
3ea2c309c4fb5da793f2ff7de97a688165b880eb24a48ecfaca82eef78b03c8a

SHA512
4d873b0a9a50c54a038266d11e0d874032e5ee8ca96923a77b4aee0bb7e81e20937d1f52ff1f1ab315fa0268a36e1d16eaa8941213e2abb75e75e5ac614ccb42

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Local State

Filesize
16KB

MD5
01dc702055afd33e44bad697df655af4

SHA1
a34f63ff67391aa8bb9011a0e27d3fedf2452fb8

SHA256
ec2bd97b6da1908f6b132315123fade123c69ef20e37d5224cbeaf144f9a8294

SHA512
77c8c6e1d497ad8c35edc12d0df7e32d3ef3d649efb80403fc779b07af7d948e3d59a74f446d0d1b21c95e200b99582587aa8a67d1b835b9917db1d47f9dc518

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Local State

Filesize
1KB

MD5
ad1c0db2e9280cc8762ebaa0f1b3da15

SHA1
821c8aa616fc5710cbf87ed50ae819f5aa7ebeda

SHA256
d9225d0c5dc7cbf481fa35067df09c6c4560565fc9977fb983c8180e39bbff76

SHA512
9ec586eefdb10a209965a842e15086a3adf411ae04edbb323cd9b7511cf5a25f107d3c9f4bc5090794f88e7a546c85e279d3fecb7bb3410845447f6f0a3e385b

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Local State

Filesize
2KB

MD5
8795fc8bbf5856ed1d1f7237dd06f3a7

SHA1
4c4af3fa939bf8dd43596c7e43c533c2fc57ef30

SHA256
a4fa07d6242054942f3fc5d8807ff7a5bd3a187d61981e109cba5963f400cea3

SHA512
0ae56d9aa645e0ba88e8dd3341d5b2511f728236be19142050772b484308f2aecc4db53fe320b099fd967eb82f11f0e0899b68c38b31e5edb325b9dfe492f4fe

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Local State

Filesize
3KB

MD5
a5fe8cd9837b1137bc68ec9639cfb8a5

SHA1
03c9997b2b5a37aa6fbe78ce4fb6f986c02c55ae

SHA256
2a67b57cb1f103c1fb30f4eb6554ec6f68d25dbf14df74a68cfa7764149261c1

SHA512
01042079c92cd7058e587bab5a3a491dcb0f50eb6b33c648701c8ff2815b6cdb129a87486141975f711ca6b09db19676f8a7f70daf764b5de672d68f68ce90ff

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Local State

Filesize
19KB

MD5
71d9c5ade524129db349d8b8522f0f0d

SHA1
349df03be59d8cd43a4168be9abe0c52c772a94c

SHA256
eaef204ed4d05cdf0bb1451f5c406ebdf98eef450743e0b29f8f91bfe1556fd4

SHA512
17f223e06988696f2df36557dc7487ce8e323b43ae75608167f81954b380bc2d194cd81f7c717152f3c1e477b308533dc4aa2a1fa7fb08b27eff994cd375581b

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Local State

Filesize
18KB

MD5
be75b0dbf1460b9bfbc65ae205c90e10

SHA1
8d2c241d057170bf4f4289961adee735bb105d1b

SHA256
8e2b1748d0cde1bc0f8a06ffc644a20bb954f30fac79ae5794e47402d31e96f4

SHA512
ca0b2fdc0dbaf6558e795e2ed4087209ed0cac72e051896d9de082e43e488f9a6127957b705575e6f3473a3d8ff519282e1e89101a5deb7beadd934701dfbd52

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Local State~RFe5a4f89.TMP

Filesize
1KB

MD5
b951862c8688707e54d0e492f13f9bed

SHA1
b1477ee2a051bb71eace54452e44961ca743c767

SHA256
7855c9fee39eabace5b283d9768aab0062afed05bfe7c5d5bdffd2ce1e1cb0c3

SHA512
bb40d44e0b43818f1000b674340bdba3b489383001acbea68fec7e744ec6ffd3e274b1967c46c262d6f0237d6ddea0e7f0cd22dc918bc5dc9554453f9bd0d624

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\PKIMetadata\22.0.0.0\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\RevisitationBloomfilter

Filesize
392B

MD5
454979a08978422046c2e46cb22e30ca

SHA1
380a1c393b373aafc6a8320e97894b889e8e5b1e

SHA256
e6ccb1e1def65c89fc3eddf79280140e0cb3ea529c07701231e91dfc26b58809

SHA512
bed88292d681eda1bf4971d7204b23081011a6f12d195532a8ab1db8f26d401228d969b3e3642071e06d3e1c0de402bf24fd9b3813f1c3d6ab90a1950b8a56ea

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\RevisitationBloomfilter

Filesize
392B

MD5
6548dab6ca4ed5ac4c6b64a2a0fa1cbe

SHA1
c7ba8009041cff1066e556d07bf36a7464903576

SHA256
e358548cd5b3c44ddf2575829eb057ba394d47b4407b1b862bbb35f3f724f2d2

SHA512
afb92bc5be000cad72cee70fab902ce68f76d3ba0e99a9c08494273f2576cae906934937f53f68da8cc759ef9224e81bf26212d172283dd061a7c8f1347b8384

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\RevisitationBloomfilter~RFe6a6e9c.TMP

Filesize
392B

MD5
1d29ca29478577c05b1d200dd4abd4af

SHA1
8eddb7d955c4da37b3e0e471818d1bb68cccdee6

SHA256
aa843951817729ca1f920290d79883350084961894b93b694946273b47596aef

SHA512
57397e69fa797d56793688b319c5bca4b0440e05c430c0369d2f5daa499b8e4ab31e4d929af0d4141d6a36bdd92b78fe96233abd204d84df660785274d143015

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\swift\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
3bf8ce7fe6fab8573c040988709a7342

SHA1
2243e07d706d62e0efae09f4137d1b3427f2358e

SHA256
0cb58ad5178e7fc32c15af7d4f74fee66a0ef541e5b52c40c59714f9174e38fc

SHA512
ac33d6c73c560748e66da6e677e0db98a77868fb5a902945fb87d9b964cf0e0ca7eabea7709b9970b62600d838c5ae39f6682b940a8ee0ee1947c8d7c03e9bef

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
ab0faafb33709fc1a8372da425e39c03

SHA1
1fb0dd876b2d514798696fa1ed73cccf3772e052

SHA256
68559913e0538ca65aa95054cda1243296135e5390316c5c44956a52f2453cd7

SHA512
86f911e7f2c6c5ce8667f5d17d15512e54ee61bff33589ad1dec14951d0d00d076afd2deac1ae716241ce46c4af04d4bb161e56c67fd3f6d6c31aca5b2c9f900

Download Submit
C:\Users\Admin\AppData\Roaming\Swift\Scripts\untitled.lua

Filesize
52B

MD5
2f5f70e5db9d3516b6b15646ded1b9c3

SHA1
09a2b84f14202d107e4878fa60f70b0ed5cf84b7

SHA256
62227974544e001d5eba37edb6b77de45753fabd71678dd48f021f8b80f722e8

SHA512
0ba5ae9e1907dd01bcd91b6ad1abebf4e45b2d29be737085fcc8921a4198d71c683601bbc550b67287069e183f9bdd73cfc0561f7c0d98e52e24534b1eb8dc1b

Download Submit
C:\Users\Admin\Downloads\Swift-Module.dll

Filesize
22.5MB

MD5
c568dbc5fd90067a6712055023a18568

SHA1
1546683eb7ed167b54b9e4fb0a8ae72374f688e8

SHA256
ed927320654bccb0164b7c1e8835975ec9f680d607cfea982c7a0a103684d188

SHA512
72da4af29fd9aeda9851fc0a0a4ffc8a5b35f260074f2203381a760c94e4b836fe28b11186a6d3cca4d01de65893c0063edfcf355268b689330915ab66339816

Download Submit
C:\Users\Admin\Downloads\Swift.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_1122727362\_metadata\verified_contents.json

Filesize
1KB

MD5
28706ad42e4c615a683c2494bc0bd2af

SHA1
6b0465b3d5e85a3ea76c646ba8652c4dc0248dc0

SHA256
709bbb3e3a17e2b7bbf9f4afdcf465312695342ce4eb203df284233eacee086f

SHA512
e95da92f1ad5f56ef61a5992a1b465d46f36eff1fc85643cc5ab3f357b6f14d81a5b5590d0e18d4da5fcc3ac537a469fd0c15b116a3471536707a9716119fa5f

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_1122727362\manifest.fingerprint

Filesize
66B

MD5
5ddbc1878fe757e9fb5be515f8f95864

SHA1
fa7d42b5adf36a370a95a0abaa20c6094b2b47f8

SHA256
a0b13e5ecb7638ffd1e054301fef148b47ea17bc528779c56d77d4e7a6152983

SHA512
ae2a76a48c46a90085a46cf03eca6576ccfdff6d76c64f095c2d657641c73054581b3e8c8738d751f2f8465fe6a2298e01188f807175fd7f4d1995078c7bc1a5

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_1308558058\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_1376076476\manifest.json

Filesize
114B

MD5
e6cd92ad3b3ab9cb3d325f3c4b7559aa

SHA1
0704d57b52cf55674524a5278ed4f7ba1e19ca0c

SHA256
63dfb8d99ce83b3ca282eb697dc76b17b4a48e4065fc7efafb77724739074a9d

SHA512
172d5dc107757bb591b9a8ed7f2b48f22b5184d6537572d375801113e294febfbe39077c408e3a04c44e6072427cbe443c6614d205a5a4aa290101722e18f5e8

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_1748119509\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_1876433756\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_2026158991\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_2026158991\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_205720915\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_205720915\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_205720915\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_205720915\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_463063498\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_463063498\_metadata\verified_contents.json

Filesize
1KB

MD5
e88d7cbb64f8ad6eb60e61c46a67840e

SHA1
32f5919ca1466ec636104c7545e8ba9a3b956fc3

SHA256
9b791c9f3350a7b4ef88f1837fcd7a1df7c51e0d0af13dffed00b5e9817c4cda

SHA512
19ab9478c7b9654612076d61af00072916cde832be5ce3d729664e3912d1e205a6abeaef1f835165f7979f2e08f0364f1cd1579de5f3180c24dedbd9558ce902

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_463063498\_platform_specific\win_x64\widevinecdm.dll

Filesize
18.5MB

MD5
7a9c7b4aa7c6c99330ee4496171de50e

SHA1
ca89ef9a6bc7d18823e4f021d9c6a9891ec0e407

SHA256
3ad250fcf3de7124fd9f5f018ddad2a70193eaf8be0a9d939eda5068b52942c9

SHA512
13d386af7e387d6fcfeb64681201a4ccc29454691ef3a345a5fc9947bc362685a1036351a322c4fb049ac0d266b8dc36807359dd722b486dd0907077c486f48c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_463063498\_platform_specific\win_x64\widevinecdm.dll.sig

Filesize
1KB

MD5
22f6cb93fcdffb269e3f9ac4d2638d21

SHA1
3323c9e919365cced3310d3d266189de3ce2fb8d

SHA256
be58f1486ac3d53576bb0e37da40114ba036530bde108ead07ae2ccf763bfacc

SHA512
015f3c222943d23bf3713bcdc6d8de0ea9f86372ccafd75708fd584517da2e6f05fc7d996e191aae7c7d39d9effd509fe7e2a688ce8f71c2dc6cb045a67de6ef

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_463063498\manifest.fingerprint

Filesize
66B

MD5
f43132ec8b72e7de0ccc50a0edd59b72

SHA1
1ab56d0dc1983bc5de5c678b9c194050a435808f

SHA256
51a6559a071e2cb9bd8d501d5ee8bc169cb240934a7fd442fe39b531755b4c4f

SHA512
f59c348a0991d9c6d1c4c643c787baf0a56246fc4e05f60a649d9ffa23e23455484e853bd577881048c1e1af79b79b88301e963b282d07643177884d38f88600

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2760_765082499\manifest.json

Filesize
116B

MD5
2188c7ec4e86e29013803d6b85b0d5bb

SHA1
5a9b4a91c63e0013f661dfc472edb01385d0e3ce

SHA256
ac47cc331bb96271da2140941926a8accc6cb7599a6f3c17bd31c78f46709a62

SHA512
37c21eaff24a54c2c7571e480ff4f349267e4404111508f241f54a41542ce06bcde4c830c6e195fc48d1bf831ed1fe78da361d1e43416cfd6c02afa8188af656

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\Notification\notification_fast.bundle.js.LICENSE.txt

Filesize
551B

MD5
7bf61e84e614585030a26b0b148f4d79

SHA1
c4ffbc5c6aa599e578d3f5524a59a99228eea400

SHA256
38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179

SHA512
ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

Filesize
1KB

MD5
8595bdd96ab7d24cc60eb749ce1b8b82

SHA1
3b612cc3d05e372c5ac91124f3756bbf099b378d

SHA256
363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831

SHA512
555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\json\i18n-tokenized-card\fr-CA\strings.json

Filesize
2KB

MD5
cd247582beb274ca64f720aa588ffbc0

SHA1
4aaeef0905e67b490d4a9508ed5d4a406263ed9c

SHA256
c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5

SHA512
bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1656856283\manifest.json

Filesize
121B

MD5
16f004af39a3675a73f5c15f6182a293

SHA1
e7027edbadfd881e03d8a592ae661a985fd89cd7

SHA256
4e5ef1851bc910ceeb59a63bb53725cf5d8149feff9483e960b54cc26fdc419b

SHA512
8ef0d80259b5a38424676918f07238a76c527b643267008999dc3b2cff5c93e29ae85cbf0605f0d0b4f880fd6ae96254ebd30e5b80097eea95f5d27b5d461ff6

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1727047664\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_1727047664\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_2104487843\manifest.json

Filesize
1003B

MD5
578c9dbc62724b9d481ec9484a347b37

SHA1
a6f5a3884fd37b7f04f93147f9498c11ed5c2c2d

SHA256
005a2386e5da2e6a5975f1180fe9b325da57c61c0b4f1b853b8bcf66ec98f0a0

SHA512
2060eb35fb0015926915f603c8e1742b448a21c5a794f9ec2bebd04e170184c60a31cee0682f4fd48b65cff6ade70befd77ba0446cc42d6fe1de68d93b8ea640

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_419679583\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2868_545262894\manifest.json

Filesize
145B

MD5
465cc76a28cc5543a0d845a8e8dd58fa

SHA1
adbe272f254fd8b218fcc7c8da716072ea29d8ba

SHA256
e75fb1fa1692e9720166872afe6d015e4f99d4e8725463e950889a55c4c35bb9

SHA512
a00286cd50d908883a48f675d6291881ad8809dcae5aca55d5d581e6d93a66058e1fe9e626852bf16e5bb0c693a088a69d9876ccac288181b1f74254bf1da1a2

Download Submit
memory/1948-311-0x00000232C17D0000-0x00000232C17F2000-memory.dmp

Filesize
136KB

Download
memory/3088-304-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/3088-710-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/3088-1222-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/3088-1156-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/3088-301-0x00007FFA37167000-0x00007FFA37169000-memory.dmp

Filesize
8KB

Download
memory/3088-1145-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/3088-827-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/3088-732-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/3088-490-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/3088-730-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/3088-834-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/3088-825-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/3088-814-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/3088-300-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/3088-783-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/3088-328-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/3088-327-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/3088-708-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/3088-676-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/3088-697-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/3088-305-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/3088-734-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/3088-303-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/3088-302-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/3088-856-0x0000000140000000-0x00000001437AD000-memory.dmp

Filesize
55.7MB

Download
memory/4884-694-0x000001FD02550000-0x000001FD0263A000-memory.dmp

Filesize
936KB

Download
memory/4884-512-0x00007FFA36400000-0x00007FFA36401000-memory.dmp

Filesize
4KB

Download
memory/5368-845-0x0000025B2E240000-0x0000025B2E241000-memory.dmp

Filesize
4KB

Download
memory/5368-841-0x0000025B2E240000-0x0000025B2E241000-memory.dmp

Filesize
4KB

Download
memory/5368-842-0x0000025B2E240000-0x0000025B2E241000-memory.dmp

Filesize
4KB

Download
memory/5368-843-0x0000025B2E240000-0x0000025B2E241000-memory.dmp

Filesize
4KB

Download
memory/5368-844-0x0000025B2E240000-0x0000025B2E241000-memory.dmp

Filesize
4KB

Download
memory/5368-846-0x0000025B2E240000-0x0000025B2E241000-memory.dmp

Filesize
4KB

Download
memory/5368-847-0x0000025B2E240000-0x0000025B2E241000-memory.dmp

Filesize
4KB

Download
memory/5368-835-0x0000025B2E240000-0x0000025B2E241000-memory.dmp

Filesize
4KB

Download
memory/5368-836-0x0000025B2E240000-0x0000025B2E241000-memory.dmp

Filesize
4KB

Download
memory/5368-837-0x0000025B2E240000-0x0000025B2E241000-memory.dmp

Filesize
4KB

Download
memory/5768-627-0x00007FFA36400000-0x00007FFA36401000-memory.dmp

Filesize
4KB

Download