hxxps://tinyurl[.]com/yn3hsus8

Analysis

max time kernel
229s
max time network
233s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
31/03/2025, 16:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tinyurl.com/yn3hsus8

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
1000	5252	msedge.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_1354200638\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_203534502\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_669905092\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_347450733\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_203534502\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_347450733\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_900565301\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_669905092\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_203534502\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_347450733\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_347450733\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_900565301\data.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_900565301\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_111648544\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_203534502\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1792_184695890\manifest.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133879124314907376"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-446031748-3036493239-2009529691-1000\{F1F191FB-8C64-496F-8E51-E271262BDE5B}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2652	msedge.exe
2652	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 3088	1792	msedge.exe	87
PID 1792 wrote to memory of 3088	1792	msedge.exe	87
PID 1792 wrote to memory of 5252	1792	msedge.exe	88
PID 1792 wrote to memory of 5252	1792	msedge.exe	88
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 3520	1792	msedge.exe	89
PID 1792 wrote to memory of 5868	1792	msedge.exe	90
PID 1792 wrote to memory of 5868	1792	msedge.exe	90
PID 1792 wrote to memory of 5868	1792	msedge.exe	90
PID 1792 wrote to memory of 5868	1792	msedge.exe	90
PID 1792 wrote to memory of 5868	1792	msedge.exe	90
PID 1792 wrote to memory of 5868	1792	msedge.exe	90
PID 1792 wrote to memory of 5868	1792	msedge.exe	90
PID 1792 wrote to memory of 5868	1792	msedge.exe	90
PID 1792 wrote to memory of 5868	1792	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://tinyurl.com/yn3hsus8
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7fffbf0cf208,0x7fffbf0cf214,0x7fffbf0cf220
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1824,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand STEAM.
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2248,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2552,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=2484 /prefetch:8
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3464,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3448,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4816,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4336,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4756,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5584,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5584,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6068,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6064,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=6152 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6092,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6572,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=5944,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6588,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6280,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=7060,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=7088 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=6412,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=6356,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=7304,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=7320 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=7448,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=7472 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=7604,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=7624 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=7764,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=7776 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=7768,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=7928 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=8064,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=8080 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=8316,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=8304 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=8460,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=8468 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=7452,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=8608,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=8904 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=8452,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=9036 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=8268,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=8088 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9636,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=9400 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9624,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=3680 /prefetch:8
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6888,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=8956 /prefetch:8
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5308,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5300,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5480,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=9640 /prefetch:8
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6812,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=9192,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5700,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=6824,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=9288 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --always-read-main-dll --field-trial-handle=5344,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=9332 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5796,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=9344 /prefetch:8
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --always-read-main-dll --field-trial-handle=5468,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=9660 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8076,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=9100 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --always-read-main-dll --field-trial-handle=9776,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=9796 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --always-read-main-dll --field-trial-handle=9564,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=8172 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --always-read-main-dll --field-trial-handle=9396,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=9760 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9028,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=9984 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4924,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=9844 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3684,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=10196 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --always-read-main-dll --field-trial-handle=9752,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=10208 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --always-read-main-dll --field-trial-handle=10320,i,8649126174792696440,8567448461919823694,262144 --variations-seed-version --mojo-platform-channel-handle=10344 /prefetch:1
  2⤵
  PID:4832

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:6060

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:4124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping1792_1354200638\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1792_1354200638\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1792_184695890\manifest.json

Filesize
118B

MD5
cd1d4274760a18d1f06020875ed4e124

SHA1
ea252982d53eee1c8836745044006608f0bc3da6

SHA256
5ea4457e970f9096c4a5b204324e33cd6dd51aba345ee3d0e9da0a4220409c27

SHA512
aaff1c564bb6e949e272c7df4a64f775e369c8a49511297992892e15092be6f83ce84a28afd6360dd6d76c9a503d452bcd8904f947c975b32e7f695a6818bfbc

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1792_203534502\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1792_203534502\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1792_347450733\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1792_669905092\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1792_900565301\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\405b54de-ea99-4bbc-8c4b-70c95d05a8af.tmp

Filesize
41KB

MD5
1befb6b87ea8b9cff973a8a23e090aa2

SHA1
e4085fb6b50a938e2a9c96f972a30b2dfcec1743

SHA256
a1aaea7c89c7a6848f3f95fe222a0000da89c58682b94cd69618ade28d9c9a25

SHA512
0a799ef271e3473a11fc8b85a7ed63b255c6de9b719d4321745c6b781746b2c8f6258b68b0bc29e73d866908230efb1a66aa121a08b8a9551320ffa51f6d8277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
8625e8ce164e1039c0d19156210674ce

SHA1
9eb5ae97638791b0310807d725ac8815202737d2

SHA256
2f65f9c3c54fe018e0b1f46e3c593d100a87758346d3b00a72cb93042daf60a2

SHA512
3c52b8876982fe41d816f9dfb05cd888c551cf7efd266a448050c87c3fc52cc2172f53c83869b87d7643ce0188004c978570f35b0fcc1cb50c9fffea3dec76a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
3191a5d72787945d82dc167e1f81c4d4

SHA1
50d06c4496d5ef85e69d6e45e6c84e9c15055c43

SHA256
3eb0f5eae72c39446cfd7c2ea02f73cc5cb4cd47fa5e92a3d5686a90d9c92b0f

SHA512
b33308eef882d1cd09acecd96dc90c223d2db056876e3c875f30c002df00d8afc0d217a356d603f33dd0f425d722dbdf8ce0c89f2dd7083f9fcd7ad9a1fed383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
8d1ba690c33b8e6bdeb75eec95a9faac

SHA1
cae03d5dbb3a84afd80c5135bfe8541f5e389e37

SHA256
0e6c42fdc884128bc5d5fa8a72e5ec0a88b7948e046f15396450b5b8b426adfa

SHA512
879a55989af60cd8623b8d709cd21135642d8c7c30ff4fd485d4c5093659aa398dd333b8c4175432e8d134e169de37ac12e8d8d8bc6c45da02016c1498fbc9e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
3f02e280ce7bd99cbded5042c229d89f

SHA1
cba90a8c140a6e50a2490be094ab05c0977d72bc

SHA256
bbb86039947d7ab9747f9cca113ba7e283f569842527bcfd8c284544871d6307

SHA512
2caf34bdcd3ef8694317d505836c620da00b190bf7a5202ec120d4c735abe457eacc5b014691bf88da7714ceac50125f6eee271af6495b1977612e3b613c790f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
7fcd13020873f880e1edf8b330a7b354

SHA1
2ff08bfad780ae6009a161fe0ba0fcefe50b8436

SHA256
9da6d2decde4e53f2f104b4a1cd189ff577effb51876700bdefe78fc8014cf9a

SHA512
da0ae6fef1b2e509a3397777718214563541e200944e0447d8365bd40d6662afa2a139c305acbff558c8f923b01184371d923e5583b40c7cd8363be3b95479f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5806f0.TMP

Filesize
3KB

MD5
522cac018f4490f56bd4710533fb0418

SHA1
1cce183b57145ed9dddbcdc4305921fa85622ac5

SHA256
3bb8005ba012fad784d1479e865d207fc1548d9498d6c0edd0c97c3b7177d595

SHA512
0ca3664e41df0229260bf6fed03308eb771aded16f2f5987a0f7f765ce8012e0a00c0a64d3d4e75143ada62bb805dca4eaf601ec4e0b1df1aaaf90a2f41da57f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
26KB

MD5
d7361ec335101ec459cd3ff5580f2f07

SHA1
9972765a3faad51875b3627e26444cc54e727eec

SHA256
0e2e9040a170743e81f1514f464ce3a0a66371386f140395f2bdb09815139d33

SHA512
d89eaa15195f547010949dd7a4f27972d305834580c091a1e1b29e7942f3fd660fd42b9fde1b00f27fd33d575b107c8de419a6184f3cd8877ba18021fceb40cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
22KB

MD5
42698769262f4c1d90d96f5a5d10b725

SHA1
01623f8601f82ef9e8dc2219e260d091fe6a893f

SHA256
7fd8b6ec330252c31e38b01ac70f0f7957c4cee6a054c22ae68a00b106bc26a0

SHA512
cc9daf13299ed971e4a8a5a4010055b8bd4c82c1576b41d3c8c03b5498278715839a63485b5c312ced30bdb28b8f452ac42be37d5279df58b173a322a28ff7f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
20KB

MD5
02989f9ef2ec3a945164de0f3176e1f1

SHA1
1a9ab529e3772a82766579516f2195bc0f1b860b

SHA256
6ba4677436b425176589b57870b84afbd40bd24ba313a63154fa0432a866fe82

SHA512
9b90d0f533668dbda2c541f2e2b96e604dfb7b253dc5bee836d5544a2ed16694aee3e5611524a2f36906b79f06c0de72882fa8d05184200c7492ebdfb8e2e33c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
40619a6ce514a46cbbb01cf565a5a421

SHA1
013bb90c93b216b1762fa5142c8ebc88a0127702

SHA256
f71c7289f8337fd343ea2a44a02d65bbdfeafebe2b67115b4e10eb99d7c43ed8

SHA512
cc7097a12fbd4be232cfcf9357b33178da20d6d202e7f079d384f47f91c31fb3abc9a064bc9e5ace419f1e35600e8a07e06854e55319f7cc5333b6cdce5f5560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
28KB

MD5
50a5e2e9beb6d236d1806c1e13b28ac0

SHA1
d0e5ac15c530cd144799dca8c0f9b40db5615c6a

SHA256
8271fda98cb352e67691af5ad0f52fe020410672290acdb7b2ea3ecd8703a103

SHA512
853b26ad9d39adb9a1d713324f00f60d65af391d1f6dbbfd494705fc79e691092cbb971f5bda6ba8ae3857da72cb9019dbe6a46fa62f8458bae9de06751d23f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
26KB

MD5
7d3d9375ddbe851856d21a4201fa8022

SHA1
5de1ea2df3ba0318066ed8701f524df86ab947d7

SHA256
06600a83aa06f4a1d5cf4a1f4e90b9c30805360c15cba564d3a8cf3d3f27e8a3

SHA512
0af2c2c81821cd6b4f248cac5b5d756f614a37577ae8d9d03659a387f8f9fb783a6950e1d72e462c91313319db987769618d5bdea39350c3dbd2888d0d16d355

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
a646de33eb418b1c395fa39ab68ed1c2

SHA1
b7f552b9aaf5543e056d4c0235c8e22c0d8d9767

SHA256
4c6b5f0b3490f80612abf0313f0b8d0a74472b374fe5c40613328ccc42a832a5

SHA512
157efd1ef4ca4b4f66027d1bf861f49f6fdf802a829fe59a13fb9bf3d78df392eb761327aaa4028f4167c157637590695a3f67248abbb2ab4790ea8ef9cd1022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
5487219fa523d62c0fbdcb1519707a79

SHA1
123c92d68227ca5755cdada58f97d03ac7582697

SHA256
ff51873c62cfd36d6d010e80826647bf0d26f423e2e3b03755564aaacc2f3149

SHA512
b48eb461d633740d4df268b63087dccfd02a16ff0082bba559dfe6fb51725560dd5365531e6c01c8d28bb665d1b8c46de7f83f2628bcf8619d961b94c81bc094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\00d7470a-9f53-47d0-94c5-c9282ec20535\index-dir\the-real-index

Filesize
72B

MD5
59812dc763aab86d811eab8bd8515cca

SHA1
24d63669d8f41d34ffa55f746103ea5020f2a5e8

SHA256
0759228ddb145fea96bb10a91302fc69bba56fa445da3ae4382a08c83a4c55cd

SHA512
f1f808c5b3eb88ba5f37307dac6293858ae75a79cd585f9d30aa9d5507e3953f89f409a43ff91c47ec13f5d3dcff804556e7bbe275f1f274791131260761886e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\00d7470a-9f53-47d0-94c5-c9282ec20535\index-dir\the-real-index~RFe5a9462.TMP

Filesize
48B

MD5
4e3a5117918b242c17049f59a56e363a

SHA1
f1af4fd2c34f3986023da179bc4af706c7ba0be7

SHA256
a821a58ed3362443a5c5d9a182fecfb7178fa74c788fae77f119d6125523206d

SHA512
087efc8daa2ad0476ec0e4d88de0f9bcecbf88d762243a243dc75d275bdb5583567f4bf143455aa6dd15f65e042751868d48ad13637e6d67810740051de85d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\528cba48-1c87-4b58-b3d5-c55597a81447\index-dir\the-real-index

Filesize
72B

MD5
9c2f3549b8a9b21d381ffac8a706bc80

SHA1
2ba6c618e137475f0a0fedd3246a1f2c103f8738

SHA256
8a93bb11f70863ded30997d26ca4d4b2776b66be0d4c3a6117341d94caadddf9

SHA512
80a0c16ed4f78b48ebb4dff3631c0fd4abbac22d4e459a89a11a3a151d6fe0848f1e8a97dd81edb3c97d008a039d119df1d7cbadbb1c51a892f5f5f05de3ea12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\528cba48-1c87-4b58-b3d5-c55597a81447\index-dir\the-real-index

Filesize
72B

MD5
0f9dcb94dbb7fb707a38237e9abd1be8

SHA1
7821187d88d40bc9e5b5398caa88bbca6a25b0c8

SHA256
9893269da0dfdaefd586ab6db27cd260007a69c53dafa4ccfa4b8221be3ba183

SHA512
02ade157b8a70ba94288b649fa87698fb872db110f8456856cc5e5593087452cb8a15b80871edf1c804c1f2f6a0cb5853f2b4fddeb9f663d409e23a1482fd798

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\551e402a-b44f-4b78-a1eb-9e88f872c0ce\index-dir\the-real-index

Filesize
72B

MD5
b2e6a41a9530dab69834084224d6943c

SHA1
956865f74c6958faa90760b6aed37cd9e7baf534

SHA256
755fe73b75ef5a41ff753f681dd21ee169ee1e8220fe60594ecf900f66c829a5

SHA512
bf22813c3171055199884b524e0a4abcf861a968534a5d1affd95570dd0e6defdd8b080de8336771e8e80bf895aa9d0d68afb477d8fef933492aec5a40ac934d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\75b67b01-d915-47a8-b1fb-4d0df8910bb2\index-dir\the-real-index

Filesize
2KB

MD5
c5324dd4af4406dc7abba92043bd0653

SHA1
62632c15f6100bb1768ae4fa4aacb22fe82c70a3

SHA256
38eb16d98b9e012b11016a67bbf3764cd711ac1a72c67c12736355f08e61bd01

SHA512
2db6b0ddfdfcd227fe3fe51a83c0888b93bb63bba93f5d770874bd4fca14dfdad1403aef5764feeec918219427e4095228c7cb0b197c0a126902235e4beac36f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\75b67b01-d915-47a8-b1fb-4d0df8910bb2\index-dir\the-real-index

Filesize
1KB

MD5
d17ac69ebc6a6e7143014629d797ecb8

SHA1
468473839c283d27ecdfd8b27d4ab1ba69412a5b

SHA256
4d7d6fe0dc4ba40d9f1edbd7e1ceabbaa4232315e49fe05d9cbf64a23c682398

SHA512
e58b75b146f6c98de4439c2007c0930ea3549014314c6ca5b9e510487445296b9bfab735f3cee24f63a0a9994cd75e7d431acf49c3c63d9850b93ca842344e9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\75b67b01-d915-47a8-b1fb-4d0df8910bb2\index-dir\the-real-index~RFe59f65c.TMP

Filesize
1KB

MD5
45f525d01646a17b262e170f3ddbcca9

SHA1
1f717d4544e7760428614b4642f71477a6262199

SHA256
ea1a782c411d643fc99f988b1184e6518fc1125677e901a027127c326757bece

SHA512
798eba3536de01a27ec29d2a10349908a8cdd3f6662006f042954e2e50fc4706da6848c7222b878589c50cbf79607fac7296209f38c4d79b79a423728a3317fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
327B

MD5
9b07b480d6c636962966e5072ba15c7c

SHA1
5fa2182cfa465ad1a697647f962062f0b2a31d36

SHA256
1334e95a2800d748789c61dbe33dfbe26cb0e1adcfc9962be7a7bf9b6c562e07

SHA512
64766c6ca055c8a795c57ca9cd83a34be008f1703ec2de048f44a63fa61139b278b9ea0406b93272811d7655639874ff5990eb11d71c310e15d5eef00ab8e3e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
a5498e94945111705a31a5710ebf9815

SHA1
ab77b44460bd40189676a3ea3de0aaf683e718db

SHA256
c7244143f3315803cb939da5c594b39032b4293e3bc76e1810ae4e78b371da6d

SHA512
69fa61824b9df6d50d4444841797ff46d9083ed09760df88ebb4e39092a1cfa27000c2209c8abaafb67e1d69012ee48f58b11fe8eb3b1aa16601b5d5e5f82c0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
581ade8a4bada25d6588d2bb0c190ca7

SHA1
40202182602d6cc2cb238d4fae4f19f00e12cbe2

SHA256
e106de10ed05f9c642c5f4d41d68a7d1085972a51cd8c349421e78328d6730d0

SHA512
7cdf6f77f2cc25e8a60fd88a66adb1f172a07a05bce8c9f3f4bbda5b4b985736e04e4628b8c51ecd670cce5d4197396c3a66f47dd92ae4676660c6a537593527

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a4ce9.TMP

Filesize
48B

MD5
46f9f8ae96e11a25523a78f090ec5e21

SHA1
1c309c07409e4d61a17052cc417fa2a95a3dc229

SHA256
5cccb6ea6d71b4664ed31371f889f861e7829a7f60c67f3ff6b7915e488ed747

SHA512
95dded5bc5cd60acec95a48ad8358b130198c3b91908c88be79c2a944fc322c324df2b1a7da692a3816730d3ca4825fe8806709fe4bd46e396f80f9ce5204f1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
e64cd8f0ba4f8c24d21988e755809aa7

SHA1
dc976d5e2b09192915362d6a6c26aca5f35be003

SHA256
c193615536ae6f963798789b7f7c2f5fc4142aee94125eb3cac6ef7f4b42bb37

SHA512
afccc8c0a977ec92119df16fb699ee6bf169a9affb856a834b284f3f4483d2e8f99a3d642c695c9845232c3069256965ddad20a33563527a2fb4670bf485ff1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
053882fb835dc4d54392124c8bef5ab6

SHA1
05064773781fd5fa5aa20f902bda205afc44622a

SHA256
17f946ce7b70fc4c8ff10cfaebcc2415bfd5d3f99ec92e63cb8436e81b95c6b8

SHA512
356705682d9680fe003db90d2ccfd31fe70c755576a67633c3d5982c2ebc4245ff525563f93d99affe77958d491b1aeeaa0b7737b76dff1502de95f0a79df38c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
67963a14f705d51d34817298028fe760

SHA1
45bc902f886af50c791092efb2651a0d21af1c73

SHA256
e312d5d4208846e07b9b3893c85545c8b086ca3c892c7dd7aa1e80d769981e94

SHA512
04524783c0a6d8f5eb7d8e0cfe2036ebeeac230df36e5416572fe84c100b8f1a6cb4c2095a63d2cb1b2cb764e1c27f826f62565fc256cc0d946e372365aaece0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
f240d1fcb90333ac63c71c5a81b623dd

SHA1
f76a4e839f10dd2c15868646a32c38888432ee80

SHA256
21d004ed243d27f5f69f6a9ab7346ba01fcff34157aaffd24ffc893827726f4d

SHA512
f7ded05bf20fd1ed504dd696b569d7fca5f4ea7f559c312e032c020d651f280196c9a48851da81cccaeec88f8ac92cef4916767287ed92ea3504068f78b90b88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
f71e70b084f08bbb0d2b739d5fd0d023

SHA1
5643acce8852bcb83e20acfe226c32ee8471607d

SHA256
7743bba9e0fda7384f4821e71acf7e61d851819fadf0f0dbba6e606a8f2e62bb

SHA512
fcfed8c587e1353f73960d455a33da60fd4fcd9323e2e2d176ba068d5c9a684a97d80824a4ccfbe9fe71bc0b45b90aa0f9515366bb610e5622e48c29170b4252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
7e340a9d75c4b156bb73e88676dc654f

SHA1
97c4d094464aa7f4f6d6ac5432df3cbef5e991ce

SHA256
ab2c5456b4612cfc258e8a0cbd21cbf391645cc62bf4f8803b3a065b8b83f85d

SHA512
6b09b69b8513f1fb9b4edaf2176f908c8a4806e259df8d3a8815c3bb48f4a172e655d484e2a85afd6feef194542fe0cad41b4ac6a2b1563848fc38a7cb76860e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
a0a00bfd909c3ae86c856593101e7098

SHA1
7e65b78c0a0eadfbf6c39df14951a1d901838401

SHA256
29a9834e2041ba5b7eb770833636a957c6eaa821b740c21700dfa1ea5107e5a4

SHA512
ed89e3b839cb005bc5a027bee5e4880157d80b3991c3ba1219b4e510a7076ecf663c7abacd2f8362728fb84e14524f2227c4f81c83abb46fdbbc9b62c8fee705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
239133c6a6e3a956f8e16f40375034c6

SHA1
07ea5a84fbdd56edc0a4a4cc8ba46905b7afc51d

SHA256
3515718122a2abddc22032adc46dfc3cfad9be4c52c2448b6e99e16470d1fb7a

SHA512
42eadec62e3e6b9e5dc611a174b9b8fd3e0bc2aa65826681df7669cba2a59f17388cc63b2513001545782a1d8745acc7c84de715e8582981a99399cf15a917f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe5a1b69.TMP

Filesize
392B

MD5
50e840d50b71e7233d075743a0915cac

SHA1
da1ec986938c4be01ebf6891a444cd4c2a26727d

SHA256
668afe723b8639c20ffd0607173869777c3bd4f6cabcc31a001fa8ee4d858319

SHA512
06570f47200eeb12d101676309a4576908dd2314a3010ab850fd8c5784594b5371fa255c8c23f799be92069a5cce08338aad16424a91453b82d28d80ffebb0af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.31.1\typosquatting_list.pb

Filesize
628KB

MD5
c900ffe1b28b9a4314051c8511e6877b

SHA1
72a51a35e83ea5b3258a820b0a2b51e49e06a17f

SHA256
cfb1eb35033af3f46053a42f4fbf4756e7e64fb6fd2b66a14ba9e5215262421d

SHA512
b9598a8fe3d9d3ce2f614b3a5074d60edf3c96b5b4139325c33fe08f05e395934b1c14704cf3e51eb8bf9a4e4d1a54f9144710b18fcde0d5d763a31c27c3d598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
8bb911400bff5ac1befb5ea477d949d6

SHA1
990797d6f84b4f35a22c289aeb8c57e44da142c1

SHA256
14b926c016f3a9293c403d79dc79363ea743c97f8688ad0679616477f0fb0c48

SHA512
dfe9b577abe742a9bcd829984e1333fc12da7198265511cb6987bea9986abc79e746dbb0e44b996d098d471ad536efdf2abfcc9b182ce1c7671dbe1a66943e0a

Download Submit