Analysis
max time kernel
300s -
max time network
302s -
platform
windows11-21h2_x64 -
resource
win11-20250410-en -
resource tags
arch:x64 arch:x86 image:win11-20250410-en locale:en-us os:windows11-21h2-x64 system
submitted
02/05/2025, 10:53
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.mediafire.com/file/x2gpxs8tk4fud03/MARCUS+V6.6.6+.bat/file
Resource
win10v2004-20250314-en
Behavioral task
behavioral2
Sample
https://www.mediafire.com/file/x2gpxs8tk4fud03/MARCUS+V6.6.6+.bat/file
Resource
win10ltsc2021-20250410-en
Behavioral task
behavioral3
Sample
https://www.mediafire.com/file/x2gpxs8tk4fud03/MARCUS+V6.6.6+.bat/file
Resource
win11-20250410-en
Errors
General
Target
https://www.mediafire.com/file/x2gpxs8tk4fud03/MARCUS+V6.6.6+.bat/file
Malware Config
Signatures
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\tr\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\gu\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\ru\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\manifest.fingerprint msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1284367089\LICENSE msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1284367089\manifest.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\pt_BR\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\bn\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\en_GB\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\fr_CA\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\sv\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\zh_CN\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\offscreendocument.html msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_metadata\verified_contents.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\af\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\zh_TW\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\gl\messages.json msedge.exe 
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\th\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\ne\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\it\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\lv\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1284367089\manifest.fingerprint msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1300582806\deny_etld1_domains.list msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1300582806\deny_full_domains.list msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_762581888\manifest.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\fi\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\pa\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\hi\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\pl\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\fr\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\hu\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\be\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_762581888\manifest.fingerprint msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\sk\messages.json msedge.exe File created 
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\bg\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\da\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\hr\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1300582806\manifest.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1096096730\passwords.txt msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1096096730\surnames.txt msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1096096730\us_tv_and_film.txt msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\am\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\fil\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\vi\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\dasherSettingSchema.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1284367089\sets.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1284367089\_metadata\verified_contents.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1300582806\deny_domains.list msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_762581888\typosquatting_list.pb msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\es_419\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\sr\messages.json msedge.exe File created 
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\uk\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\et\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\sl\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\page_embed_script.js msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\mr\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\no\messages.json msedge.exe File created C:\Windows\SystemTemp\msedge_url_fetcher_5968_1715272222\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_91_1_0.crx msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\pt_PT\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\es\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\ar\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\nl\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\ta\messages.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1096096730\male_names.txt msedge.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe
Modifies data under HKEY_USERS 17 IoCs
description ioc Process Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "139" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" LogonUI.exe Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry msedge.exe Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133906568156990024" msedge.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" LogonUI.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent LogonUI.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" LogonUI.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM LogonUI.exe Set value (int) 
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" LogonUI.exe -
Modifies registry class 2 IoCs
description ioc Process
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3582532709-2637047242-3508314386-1000\{426E5FE8-7F0F-4D80-8A32-FA7B8AB3F469} msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs
pid Process 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe -
Suspicious use of FindShellTrayWindow 30 IoCs
pid Process 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe 5968 msedge.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process
1004 LogonUI.exe
1004 LogonUI.exe
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 5968 wrote to memory of 5956 5968 msedge.exe 79 PID 5968 wrote to memory of 5956 5968 msedge.exe 79 PID 5968 wrote to memory of 4616 5968 msedge.exe 80 PID 5968 wrote to memory of 4616 5968 msedge.exe 80 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 
msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5256 5968 msedge.exe 81 PID 5968 wrote to memory of 5568 5968 msedge.exe 82 PID 5968 wrote to memory of 5568 5968 msedge.exe 82 PID 5968 wrote to memory of 5568 5968 msedge.exe 82 PID 5968 wrote to memory of 5568 5968 msedge.exe 82 PID 5968 wrote to memory of 5568 5968 msedge.exe 82 PID 5968 wrote to memory of 5568 5968 msedge.exe 82 PID 5968 wrote to memory of 5568 5968 msedge.exe 82 PID 5968 wrote to memory of 5568 5968 msedge.exe 82 PID 5968 wrote to memory of 5568 5968 msedge.exe 82
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/x2gpxs8tk4fud03/MARCUS+V6.6.6+.bat/file1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:5968 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x2f8,0x7ffe2c65f208,0x7ffe2c65f214,0x7ffe2c65f2202⤵PID:5956
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1804,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=2200 /prefetch:112⤵PID:4616
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2164,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=2160 /prefetch:22⤵PID:5256
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2528,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=2600 /prefetch:132⤵PID:5568
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3452,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:12⤵PID:2264
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3476,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:12⤵PID:3744
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4992,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=4908 /prefetch:12⤵PID:3848
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5316,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=3684 /prefetch:142⤵PID:5988
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5320,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5360 /prefetch:142⤵PID:984
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5936,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5888 /prefetch:142⤵PID:564
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.execookie_exporter.exe --cookie-json=11363⤵PID:5896
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5972,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5996 /prefetch:142⤵PID:5688
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5972,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5996 /prefetch:142⤵PID:2908
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6068,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6076 /prefetch:142⤵PID:396
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6168,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6284 /prefetch:12⤵PID:1544
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5188,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5140 /prefetch:142⤵PID:4456
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6192,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6464 /prefetch:142⤵PID:2012
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6080,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6000 /prefetch:142⤵PID:5896
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6580,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6060 /prefetch:142⤵PID:3136
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6588,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6604 /prefetch:142⤵PID:2840
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1180,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:142⤵PID:2464
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6600,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:142⤵PID:3256
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5860,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:142⤵PID:4740
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5560,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5924 /prefetch:142⤵PID:5644
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1252,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=880 /prefetch:142⤵PID:828
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5528,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:102⤵PID:5744
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5532,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6184 /prefetch:142⤵PID:5636
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=3308,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=4816 /prefetch:12⤵PID:2392
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=3664,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5088 /prefetch:12⤵PID:5912
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=6328,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6896 /prefetch:12⤵PID:5896
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=7092,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6528 /prefetch:12⤵PID:3228
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=7112,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5100 /prefetch:12⤵PID:5160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=7036,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7056 /prefetch:12⤵PID:3776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=7416,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7444 /prefetch:12⤵PID:1492
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7584,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7604 /prefetch:142⤵PID:5984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=7624,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7664 /prefetch:12⤵PID:104
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7644,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=8000 /prefetch:142⤵PID:2092
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=7440,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=8072 /prefetch:12⤵PID:6016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=7628,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7660 /prefetch:12⤵PID:2964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8016,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=8072 /prefetch:142⤵PID:5536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=3684,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7464 /prefetch:12⤵PID:6068
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=6324,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=3320 /prefetch:12⤵PID:4612
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --always-read-main-dll --field-trial-handle=7408,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7080 /prefetch:12⤵PID:1912
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=5024,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7900 /prefetch:12⤵PID:3692
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --always-read-main-dll --field-trial-handle=6112,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6152 /prefetch:12⤵PID:5076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --always-read-main-dll --field-trial-handle=7456,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6284 /prefetch:12⤵PID:3492
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --always-read-main-dll --field-trial-handle=6728,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=4812 /prefetch:12⤵PID:712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --always-read-main-dll --field-trial-handle=5584,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7184 /prefetch:12⤵PID:2632
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=7056,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6880 /prefetch:12⤵PID:3400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7396,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7048 /prefetch:142⤵PID:2912
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --always-read-main-dll --field-trial-handle=5472,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6676 /prefetch:12⤵PID:4604
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵PID:1524
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start1⤵PID:668
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start2⤵PID:3496
-
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa39d2055 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1004
Network
MITRE ATT&CK Enterprise v16
Downloads
-
Filesize
40KB
MD5 bd6c58a52af88bd60e4b42abbec3b6c0
SHA1 46b376ed3e40523a6eea4d88f546166d34057a92
SHA256 7d2bb34d26aa146f9c52cd5c70279c25f1847b11c625ce4d34f385b31644599b
SHA512 be8294752bab018fdd3d8390886eb84aa17ff8161cc04e7fc549b22169f5dcb7e7b596ee9cf678552ff5f63a4062b11d52ec7a41e5a877f20e6f55089e4a9a0f
-
Filesize
280B
MD5 978d790ea9bbd3b3113b1d32773304fa
SHA1 61c9b3724e684c2a0507d7c9ae294e668e6c6e58
SHA256 36c686a276e904607d2a18c2a2fc54467fb8dc1698607f5d5a6cefb75aa513c8
SHA512 d50740255d20d2a5e6abdc78f4fe9ef6e832f2ffe9ecc200916a73db1e0dd37d67d88996b315e128bf5b77bb110e4e8c29905aa5d90b83019be2cc8127d0dfc5
-
Filesize
228B
MD5 077d3289c0ad1fe7fa9932887cfe12e6
SHA1 04b9f1ef39ac3de100add5681c171d8e40431488
SHA256 cf384c11221c2f72319974356aeef1be8cdbe05a66a2700565bf0a57736bff6c
SHA512 391827f68ca7af248cc1a11be4d32eb45e814c2dadcbd9dd1d95ddb18a4cbd6e4e8b2f4d0eb6229a19e8f2b19f9c1cb9ffb58e379e9ec0e344ef8c855ca05fc3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 4KB
MD5 ecfe92074b008887c549ba61f4aee0f3
SHA1 fd79aac8050b0f4152fedc528ec3257299468b01
SHA256 64333202eeb42a4b7beed97c2829f3cc63c2a03b3bf1edbe04573eb297bd7985
SHA512 4f4bc0a0d38bef00eaf9bfa179870213e2915c43391f0cb79b7abee0db8478d7e26d74de4b254ded703f8179e2cecef209fc37b761ca19d310bceb26fd3c87ed
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 4KB
MD5 9adddde7559ebb0d4d4e45796922af1c
SHA1 14072eb37afae482321680406325d57c797ab57e
SHA256 7f2bdb3bb6ec8ac4a2855248cd87152e55adcb5d39742d1ebdda77ad09787543
SHA512 d68811a2e26b3c9dc29aeb203aa0704998c134bf67666a8235b1a841e4e03ed3dbfff936a8e7834c547e3c5b67e989806af5afd05146a1514beab122b3b41d7f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 5KB
MD5 2e7a4bb53b7cffb6302ef6de5738ff8f
SHA1 fca5b0420af8fb4747b6c30860e626e7acde8bda
SHA256 809d1addfd82be7c16207f9e8c50ac8c021d66cfea4bb05530a94570771a4554
SHA512 2dbe0e4a38ae773cb4d44678b34b89fe0cd1f010d7c10b1678b1fdf6bcc6c1b7fcd63902ea0c5e51330aa710b96efb211d669772e545aba67d550d38539dcdd9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57cda0.TMP
Filesize 3KB
MD5 763c68576cf180c251b124a510cbfe41
SHA1 f31d31f423fb63340021954bba6ec02c8fb5183f
SHA256 9dd2ea9ea9badf94b83c0d053452cd50e6bf4536b10ad869ee8e5befa2e7396e
SHA512 24350848a4364daaed5f97fadcfc98e46f0dc7c1f38eae8f36da6e3c7925f971daf8111164e312830fd7c9c0d940005d1bf77a5ff07c3decc8481c5124e2fb58
-
Filesize
2B
MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
108KB
MD5 06d55006c2dec078a94558b85ae01aef
SHA1 6a9b33e794b38153f67d433b30ac2a7cf66761e6
SHA256 088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd
SHA512 ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60
-
Filesize
9KB
MD5 00a1750fee285153f57bc190ba3da1c6
SHA1 5796661cb02e7c66c3084303209c77797b67343b
SHA256 cd56c698878a3b7ddd18ab268aa13d646d6a0f8abb49ae26eac2f075148c6239
SHA512 07933899227136cf4adb1a65f9455a78555af75a6b309d65aff9ecf4339589b7765b45694fdb08651ae093594c1385aee58e0ec0c3245e081332d991428074f0
-
Filesize
17KB
MD5 76e2849cbf1f424200bee2943f4507d2
SHA1 a929fffd41746f36ff0c767323b223aebd2bfc6a
SHA256 595e170e0625e2558372dae080145950fe037ce6d6bca60802da6dae8562c44d
SHA512 01e32237debf22afd5ee892b3172b7e3e3fd1a67481be9a448087bee6a04df7ced9ad858813220d940f8005bd2779dfd2007e179df14168550b9b2af4e500552
-
Filesize
17KB
MD5 14da9a7f0b3bc08b83581c90dd4f878c
SHA1 4b9f61db35e815efb800feed5eb5854b52fc293c
SHA256 1ba5128f146d642380b1132b60a5276c1026ec1c8f4949fc3a1d2232e17438a2
SHA512 360308b175b270cb3b2f44c0d161f92e88827733f49dc24f2a6b61829f60cdbdf1860caa36ecb2f965671e5e2ae389a597832c181b50ea7f00de0fdb4a619cb5
-
Filesize
2B
MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD5 20d4b8fa017a12a108c87f540836e250
SHA1 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA256 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
21KB
MD5 d97a1479ef8e9adccb8901468f83e2d7
SHA1 8f4d9d916f072139ebc821d57a525b0a0b5dc879
SHA256 60a2de71f10258cd441d100067a25fb393344304bc66ca294e4c0151ffccae54
SHA512 d16e7bb382ddc0e79e7d181eb694251379d65f784e6313721362a470d0e658d4bbded9283ebe0e476d9bb8dcb841d297e9ffd183d9b27f7442f0479bcddabd64
-
Filesize
18KB
MD5 16a3f9a135918cc5e707687d71b25bc1
SHA1 150d393105656ab2da282598c31997570e9031d0
SHA256 69fabcc5aecfc882f156393a9f750df6064d308e70cc985733b640e399e3edcd
SHA512 f6688fdace7a3e733b2d1bcadbf0a2b21f1474af64546aa232e10f6a8e4d5d70c666ac2e02fe4e1bea86ecab37ecb9191a0a1685bc8bd499fe0771ce30b337a5
-
Filesize
21KB
MD5 3c205eaa1fa4c70a53fc682cee644f46
SHA1 097e38954ddcfdc4f8ef2c218e65a241d4921932
SHA256 be7f529ea2933f32c728d64179b68e514bb3bdd76507efe86f605f6e3b74c953
SHA512 af2f108f81dffc3e822f39042434ea910c14741c1704d27505cecab79f763f82c7d7983f0af25f248d7954a7e8f2df2f122f2a4aa233978874dce75a77c6e5f0
-
Filesize
17KB
MD5 0a9d4b975c4486555b2ebcda136dafbd
SHA1 423843f8b6bebb862e75f8e33bf44a2d1caffb12
SHA256 06549a02046a3410d99a4e6e9fa12901e0ee83edb1e6fa4efc752480decbfd0f
SHA512 4dbab4950f56c9ae2cea86c17d6fdf4f6c79a365656f85309f68ba02548be95417412ecfa77af782f24e969dfe4ab9524846eb2b05dea3e4cbd40bed15b4d000
-
Filesize
37KB
MD5 3c9a014e99da4692a52a4a0cac5c6861
SHA1 796e222022ab199eb0625be1bf5a4a813b941605
SHA256 bcca782ab1ed409ae127005ebc1634544bbcdc12326f2b0f2dce2fba96e75b81
SHA512 28ca90e69b91ce3bb47f535fc5f07ca81fc02c27b0b2ac7be019a294e23496469f5479b9f210a61703e55b651feb8787945d055e73b999708ea9215e0394fa44
-
Filesize
22KB
MD5 3caf83b8532d2ea7842a3e37756bdc5f
SHA1 1913781fc4cfd97e24f7d076b84aa701da8e817d
SHA256 1bb6816eba2a71d94a130c43d7b53541a8ef2d2c2ca945cabbb1efdec404988c
SHA512 5e8db452f881621e1f0652ff35a4f1e06cc0aed9c5c97e85677efb81b8c46fc40726233d098b2e11f9e18ad37c7380df3f2a6dfb03f2732053155544235cb7cd
-
Filesize
467B
MD5 1f0554b5dbda292d49ab53877b0fdc67
SHA1 1f061892b25d98de31b0d9e5de0fccdf7b04ab5b
SHA256 4a3d3e646d6d893a6c84f4703f5984529cf46fc5057b29af6c91220382701020
SHA512 7e22f2e1db2d38c8acb3fce9bc5340e9dedc53092ed4091fc33746496e858bc48128640285240d0ed6e96805967ce41ae0d5976be22cd5b651d5330296e35223
-
Filesize
900B
MD5 ab79fc6f26a662e69b4d278321f08bd7
SHA1 17227002230b3652feb23de460646cc1055e5c73
SHA256 f297d4c6ec995fa61255d49b14ebabafa331c3ea06ddf3a5ba74758d41b4305e
SHA512 ae8eed24fea764f19926f9ba7d34b8fc11bc8e29852b9f25e11a7e0e7bfd459037e26d2bdec137d29d9cbc29a32fcd4ac13362ce4dc7dd3ad972b33cad16a9ef
-
Filesize
23KB
MD5 c18475a405bff1922ca859c0c7624b2b
SHA1 ec2a81ad389ce994bb037107020fd5e901e537a6
SHA256 c72dd533c544638f91b32780b03d166808245a2d423bc6cc06e6c4c3fecbc450
SHA512 8f8693273df42df9efedcfaa6bd1ef15ba4ed529d74a25b6443177600c94899539bda81783a963afd21e31c380b1788f67932a08b243cf104b5cd96882400fef
-
Filesize
22KB
MD5 3f8927c365639daa9b2c270898e3cf9d
SHA1 c8da31c97c56671c910d28010f754319f1d90fa6
SHA256 fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2
SHA512 d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72
-
Filesize
54KB
MD5 40e118c25f09ec5b0e8dc47cc504e654
SHA1 a22a78d48561192b1b2edd6d8dc0cb7818c24937
SHA256 8416789467c9855685399e91ba85c838d62092d5f6fcf38acc7862a2be892fc1
SHA512 3dae29580674e3985eaea0382cdcf26278b502039efc1469358edc478ba8376f0449be3ae26dadd8327ff49b9fe82222d203d6b58d489661329463b557c15c3b
-
Filesize
54KB
MD5 c9dcd637968f913b5306c8dd1145297e
SHA1 76ed6b8a983981b6c552ba02c9ebb50138e6fc96
SHA256 1b657ef4fdad2ea02b1ecd04cd90058155c09e8265a95f1ac2a0718d30b0ff99
SHA512 b37d41254b599d3836573513e4a797c39d7591aea54692998f16520624d4f1379d5d8cebfd3f062e65d2a56c469c3bdec1fd25d912e95e9b71ed902e45402be4
-
Filesize
54KB
MD5 e43f473b23fff68ca2c3cb994a15dd68
SHA1 3429f2d536f30eb6fec4cdebbdb12753aab434e2
SHA256 83214621a11f866497158dcbd171b5838798ba2bac0e15a897ce20bac65e29b9
SHA512 97371b309c5d76737d8ba7fb1fd6d4a76966777cd92d9dbf56b667176aa03b31a48f06b0f0d0a794d4302fbc90a97cdbe914d54cc78a608096d0a63ae70e4204
-
Filesize
49KB
MD5 53c7852504c426a0e396efb07e24beb9
SHA1 b2d667154a735abb4861c86973de222e7bf13349
SHA256 d7fb074ec935334e2cad466e3bd1cd167d62173c0290aeebf7a814ad094908e8
SHA512 b109f01150fabf3f5c986e2a0d800636a29f42701d276a7c3c39a7b2484b92fea75ae686bfb3d6cc0e60c7526347e9cf3f6cfa4bbfe0628ea83d30a40a3dee8d
-
Filesize
40KB
MD5 75d234ae1b59bb2987a874d038f7f14a
SHA1 c527a2a03b563bc93536ea4c4d1febb44ec2c1d7
SHA256 718d424934eb9738a23e8b021c79ca6ab62183b7569e5f12658512960478f6d9
SHA512 be99ed948333bb6a881d77922280413fa68dee4efbfeb853643d5aa649fef4921b2b6a693fe5b69fd5cca1685c29e55780797292426b1f6d3eb18bd4aa410859
-
Filesize
392B
MD5 ea648cc2d4c92f5710082fd874819e57
SHA1 893a72a77ced19049433f6cac3473e7db1832937
SHA256 2886b96d53d0439ce9cb14cdc157865846e40dd3b8308a0ca3665b89f68c9ad0
SHA512 e6d6e4c26d756b08efc87d84f6f456fc6061efe71601c25355fe313051f0c1e4f91213cacefb7e9272a0de520697430684d74878b5bce80e19be17b5cad2a507
-
Filesize
392B
MD5 1c6e9bde1a150b43dc34831f5cdbef75
SHA1 30ecda5509a187e1156e7ac20241874dc51d13b5
SHA256 77b2a48499cfa40733425ff3f4042dc7b5fc7eff5e16e6e8bd8ab115a6eea21c
SHA512 338ca2a0a8f32f3f0da6bc4f65d843a2c7da2b0f4ce8a9942a8394bf6b99d7d7cbca5f2b258106dd5470208b1f72270c94a9c3ad988e77a36dc7e519e583886f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.5.1.1\typosquatting_list.pb
Filesize 66KB
MD5 45b4f63711eaa89d9c9792be8b19c2b1
SHA1 59c28d96b19377751accf132f1c42557e2e1fa8c
SHA256 9144637db432c2e17209b2893ba67278fd1acdad9231096674caf7a6b4236253
SHA512 43902e07f6eca8141d458e84d1fc136d850cdf1551597993099de6e2496d29686f8f93263be94abe023588ef5f979533d3e1baf29688c992bc902eea550f8256
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.dff2c9d9755f96713c08f4932a9091080808ec34c0823feac2206fa526f91e60
Filesize 153KB
MD5 b0917d8e6c5b6be358bff67f84eb8336
SHA1 a6e221edcb19a1cc81575b4ddd927fd9a6fbdd6d
SHA256 dff2c9d9755f96713c08f4932a9091080808ec34c0823feac2206fa526f91e60
SHA512 cd5822bbf91e8f7f5ab2b471a4bf8b464bde95465e2fccc6a57e5a287ca55d5062bdd6d4b3cd76f8529ee7a9081b6a7aad7dc2a7581c344ce4fd2d3256bdf451
-
Filesize
4KB
MD5 b60fc6f6d510b82a30cbfe4b9077d884
SHA1 44c0eef3499c25b5ae1dd121cce632be7867838f
SHA256 cceeb92860e76b890cb6157660921a57ea21e9a3d94605d7596875e0626304bf
SHA512 0d92beb96bd58879c79d001192b287e8a75ef821f02edbcc15404e81a87e8b5f86c29e7820514280d046f20bf08fb4be7bb43cbf39c9bbcadcd4eeb363e6cffa
-
Filesize
69B
MD5 b721bdf2924d658186ac8868dbd2c008
SHA1 914aacc65bb7933bd73aa06f8bd2ca0b04de3858
SHA256 dc6a19395ad3a24ee3805f6e90c6b16fdc141a51ac7fbb99fb784e423f8962f3
SHA512 4c1c16f714a2e2436697bc801f7e2f684010c833e3d5fe6ed68d6f3e630afa495412ea5a1b46f4bbbb1102feede84e72f32686910492510cbce71888a85b5fda
-
Filesize
1KB
MD5 ee002cb9e51bb8dfa89640a406a1090a
SHA1 49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
SHA256 3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
SHA512 d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c
-
Filesize
85B
MD5 c3419069a1c30140b77045aba38f12cf
SHA1 11920f0c1e55cadc7d2893d1eebb268b3459762a
SHA256 db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f
SHA512 c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1
-
Filesize
176B
MD5 778202dc964e7fb0ab5bed004f33fb14
SHA1 932ed013275e2c1172575885246c937c7cca87af
SHA256 4474f08d1718da148ddb55aeb998886c053f6539c2fee3b3b1796f3855792ff9
SHA512 9105af9928af4bcceb2cdc2161137ef6b07f4b97d663bbf27086f80dd266e967a5524aa5aec3f457493a0c4b98aa092aac6bd5062e72cbd4d939402c92093948
-
Filesize
117B
MD5 a0fedd9b29991ae92455f05414e5fa74
SHA1 300c53982db6bc2bf1875a8e85518e93b94d1f15
SHA256 e3fede606090dcfbb6446f4da29cb6ef3afe7d0b0c8faeff52f7feb2557fdfc8
SHA512 63ce6bd825cb611f34ae5d3a71eee40af7afc460d5a6ece59d4bb86d37a38a9e6a519d30adb720ddedf332754a3ba5f44b578cac3a610ecb8182c0ac3912615b