hxxps://baba-is-you[.]softonic[.]pl/download

Analysis

max time kernel
190s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-12-2024 16:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://baba-is-you.softonic.pl/download

Score

6^/10

steam discovery motw phishing

Malware Config

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
276	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4089630652-1596403869-279772308-1000\{16A755F7-1484-4825-ABAD-DEB3260EDAF2}	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4764	msedge.exe
4764	msedge.exe
3616	msedge.exe
3616	msedge.exe
3300	msedge.exe
3300	msedge.exe
6008	msedge.exe
6008	msedge.exe
5912	identity_helper.exe
5912	identity_helper.exe
3976	msedge.exe
3976	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	6104	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6104	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3616 wrote to memory of 4372	3616	msedge.exe	85
PID 3616 wrote to memory of 4372	3616	msedge.exe	85
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 3704	3616	msedge.exe	86
PID 3616 wrote to memory of 4764	3616	msedge.exe	87
PID 3616 wrote to memory of 4764	3616	msedge.exe	87
PID 3616 wrote to memory of 2016	3616	msedge.exe	88
PID 3616 wrote to memory of 2016	3616	msedge.exe	88
PID 3616 wrote to memory of 2016	3616	msedge.exe	88
PID 3616 wrote to memory of 2016	3616	msedge.exe	88
PID 3616 wrote to memory of 2016	3616	msedge.exe	88
PID 3616 wrote to memory of 2016	3616	msedge.exe	88
PID 3616 wrote to memory of 2016	3616	msedge.exe	88
PID 3616 wrote to memory of 2016	3616	msedge.exe	88
PID 3616 wrote to memory of 2016	3616	msedge.exe	88
PID 3616 wrote to memory of 2016	3616	msedge.exe	88
PID 3616 wrote to memory of 2016	3616	msedge.exe	88
PID 3616 wrote to memory of 2016	3616	msedge.exe	88
PID 3616 wrote to memory of 2016	3616	msedge.exe	88
PID 3616 wrote to memory of 2016	3616	msedge.exe	88
PID 3616 wrote to memory of 2016	3616	msedge.exe	88
PID 3616 wrote to memory of 2016	3616	msedge.exe	88
PID 3616 wrote to memory of 2016	3616	msedge.exe	88
PID 3616 wrote to memory of 2016	3616	msedge.exe	88
PID 3616 wrote to memory of 2016	3616	msedge.exe	88
PID 3616 wrote to memory of 2016	3616	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://baba-is-you.softonic.pl/download
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1c4a46f8,0x7ffe1c4a4708,0x7ffe1c4a4718
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7456 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8028 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7768 /prefetch:8
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13204023384789127448,992930100590072022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:5132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3808

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508 0x50c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe1c4a46f8,0x7ffe1c4a4708,0x7ffe1c4a4718
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3528 /prefetch:8
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3528 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6604 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8124 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1852 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,8337445743828042146,17467476991528620771,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7340 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
25d81a86f347e1cb0121d5db5ec9f4b6

SHA1
9a73320b71249f92c68761426cc73a284e88748a

SHA256
5d5bd53be8d1a2b10c365e1a025ef19b5ab40c9ebed7eddfde924aa635266b37

SHA512
44a64a73c879c249d27b0d06fdf74309fb477e8b7adb227acbb14a8acb8c07b7729b0ca84eb531fb25d8bef20ab703ccfe1952dea8b1f4138b668770f3119602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
05e8266c7da504f736e2856c998c65fd

SHA1
b2f4f5178b44096c5ad9932491c0f9ea33e32275

SHA256
28e6398962fcffac7098a6743a7669a3ac762275331618435486320c299823a9

SHA512
e2521f11d939eeb8430a9a5d5b16ad54e657460e292111d9e2296d5514eb1cd92f7219112612a686660bcda6bb5f6dc8cca17102740e7eff9da8cc1454ba5758

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
67KB

MD5
bcfda9afc202574572f0247968812014

SHA1
80f8af2d5d2f978a3969a56256aace20e893fb3f

SHA256
7c970cd163690addf4a69faf5aea65e7f083ca549f75a66d04a73cb793a00f91

SHA512
508ca6011abb2ec4345c3b80bd89979151fee0a0de851f69b7aa06e69c89f6d8c3b6144f2f4715112c896c5b8a3e3e9cd49b05c9b507602d7f0d6b10061b17bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007d

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009f

Filesize
16KB

MD5
bd17d16b6e95e4eb8911300c70d546f7

SHA1
847036a00e4e390b67f5c22bf7b531179be344d7

SHA256
9f9613a0569536593e3e2f944d220ce9c0f3b5cab393b2785a12d2354227c352

SHA512
f9647d2d7452ce30cf100aeb753e32203a18a1aaef7b45a4bc558397b2a38f63bfcfe174e26300317b7df176155ae4ebaee6bdf0d4289061860eff68236fe1bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a0

Filesize
42KB

MD5
23d5f558755a9d58eef69b2bfc9a5d99

SHA1
fa43092cb330dff8dc6c572cb8703b92286219f6

SHA256
6e5bec69b1c6424972a7f5481ac57049811f0f196535b707613126c11292c5cf

SHA512
9c56c94d059a27dab9f69c9dfd718382a8eb192b8c0ce91cd6db6ec0769b8756acf9c0956a35561474b87d6278b13fbe88a6e4df6260c278b1ae06e9be55dd6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a1

Filesize
17KB

MD5
663d0d0966d3e0fe61cb9cd631c35c4c

SHA1
d371a2344f891ad2dc585f66eee08f4330634184

SHA256
97577b7db223876f9a048ad8833c7b55726ed464d8e9d34c303c171a6f32d7e2

SHA512
75be36c722dca266a10e3d8003d7b68906e25f369d9009c6778ecf2f3a4074b6c6307e37eafbd5e9cd755c2a850579df765a1d1d7be1caabd17bf0b426a65d24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a2

Filesize
19KB

MD5
ab7532c8d5e38228215da168e80637af

SHA1
00d5eda03bb3dfe84356d39e2d445d54896c3797

SHA256
20ac4ead3e1e487b273d9a733b36efad29462dbe10644f65ee5a69d8aa971240

SHA512
38d0eb27d49db442b3acc674853becc280979a9d2d34a972cebd61b803e5b8455b4f949ab904079d640911db81706ed23b75f3f36cd3ea5aeb98fd243aecd6cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a6

Filesize
89KB

MD5
2c74ee3d2f3b7bc88a072672c400481e

SHA1
8111d504d983d2f8eaeba46cffac5a335a95a187

SHA256
d3ca9f6871c6d00b29a2129320edc5e2e1505541a16ddffcc457c57c6d10c77f

SHA512
e0f5cfa5e909f00799781899247a032f8e8ef8a14c51141971d3cd49df123014a59ec837a2db00fc8deca2eea826ce35ef39fef15be72ed7b835940a0fbad7e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a8

Filesize
103KB

MD5
c12602b8ebdfd5ea5113f42ee978d526

SHA1
1159db5c354e5c9a73b2e072b3c0c5d02f3ff07b

SHA256
412aad14e7b55e51c4c56a88949c8f5ac81e06bd1d9b23da4378b1d9711a0794

SHA512
00ba76a1f0f08c969a96f4418c158d482eba611fa5984cec234ded9c7a1aa2e9e4dc2a69816c2940783289767212ac729cb7b3ae4cd002f772a5dc5d45bce3db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000bd

Filesize
138KB

MD5
993e131b2e3e6a2a8d8db31802ec82f5

SHA1
3b8e768ef9892d9fc4440e013425078bd7dba3cc

SHA256
779c4cf66c735ceba580c975a38f3b1e3f282a905317b915877722ce832c85f1

SHA512
716052bbe07ef9ae17f39dd221559dd8f8a18cdc002e8b54777bd29b3b07806dfeb657a6c96aa7ad12e60e690570357e2284348bbdf8906483bfd51e6692f34b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000be

Filesize
84KB

MD5
96ee01cf96fc2210ac339b15044e4337

SHA1
6dad2dfce9c40abd9126a663c5c16224e02805c2

SHA256
9f22b4bd66b2ec55333fcd93c857073f490984621c1a10660633fb5ebe0c5844

SHA512
4e9569159859eca99a799f01e60e3a4e5d84762fb922cd5187191bee472b0d58fed1cb94665ff72d66a5d9513d4e9971354b5da078dc6473ea2896720c32f287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c0

Filesize
20KB

MD5
014a1b0224fa841a945de432dbd13f49

SHA1
d00dd429de3ae8107d2112fdcdf82570fbcaed2d

SHA256
27cdba1a1d6be78c07d329f54a589d05627f6d1645040adf7fa529d76845e43f

SHA512
fe1a949cf7158b1a8e563c10f46f3c3440671d239abc423b37f24804ffbdc694e1b62581199e9dd8bfd180fd2f7bebd0e8e5ab1b4bff2f999fc5716a21918072

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c1

Filesize
153KB

MD5
1b2731006f2b2597b02859e501bc2d4c

SHA1
118d27a703cef3fb083593a56bbc93e62420f30a

SHA256
59dc184cbc1a318493460d1d78999cfdaaaac9a457b5a3a02c2567dfa17314bd

SHA512
f7452f91afe2fbfcb04f80dc7b051d874224de8790bbc53858678332a6b49f7295a15989a587811e1e8fb58a38625ec3e15657d88a367fd50d5b201d7abbe90c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d3

Filesize
27KB

MD5
bc7321f62fec1792b4b4b06eb70b55ed

SHA1
1ec07a8dea6ba3e7cfbcfa03fd41e4fbcab88d80

SHA256
4568f3217ad7eca8b87555678b82e4fe003aa5df2c4dd7cd27f469961b3bf303

SHA512
6fb01025e6d815f26047d4f2c0eee18a992ed550b73b4d23733b2d00c70827e1407828986c2fe13f2f08a991dc45e555177199c7f226ac5aed5323bf5436fdd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d4

Filesize
89KB

MD5
fcc6c653cfabd00b65e58b448d922623

SHA1
9303e8952df05587003c22c04557363fb1f0eeae

SHA256
8b8677a57b302a6ff4ba2bcfd84399dd11e0f8ee24322c570777e1de84b9ce79

SHA512
fae276aa226d8ee8e8bb3a936daffbdcd3fe324af8ac417dd0884d48cca580280195171c120d87a64e37d0836cb18f8351cdeac4a59dd085468e806413ac9e78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d6

Filesize
16KB

MD5
144fc04495ecb8dc94d13a866ab0f3d3

SHA1
c4e4e25b100b08c5777263a99709ec4b74652ed3

SHA256
9ec1bb323a1726e8c749002492e873a76c31ffdb7be05a3043d9a978a2ec8503

SHA512
add788c2c78d5ab09bfe897a52ce20345d72b5def5881f63af77933858da3ac1b21b673b957b657ed4441450e9f710a0dc5a90f2d5438ed668e8cfbfce83bd29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d8

Filesize
28KB

MD5
a762fb5a64dec4556d980f51ff3060c9

SHA1
6ac0b291cbbd8819e9a922c9c5228f76ad029983

SHA256
cfbdf62609fb4493b45b6b7a9a13c5357ab5e7447c606d9fd707dbca46359a54

SHA512
23169bb323a788ccdb915dac2a8d8c58b018c40941f2c7b10a3814a68b42ad3694d07d23e2eef31d77a7c16da355c98d796b94f82b8f352aa4825ec0c3e08b55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d9

Filesize
45KB

MD5
5f339ff8127ea962b8aa3a95709b6ad1

SHA1
340631518650a5f3beef366ee93ea20ceb5da39e

SHA256
b3ff14cf44c5c690b256a05bd28f7f5b193f1b03ae6a6d512dc267ebaa505260

SHA512
65e21ff5cb91fc5221bab0f952d6be06726ed9fc98d5d560b2d1e1bf2d25c3de44b1509a1962e925ab543dbb2d42eeaa7e572f9501d8e35d980e769f30b4d3bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f0

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000101

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000104

Filesize
62KB

MD5
35fe37e08d59a3191e5937bbf348e528

SHA1
64555d7ba585935ad7031b1dcd85e32d665c5e19

SHA256
e0050b274222e7bbe0d963be219a27e4a47fddcf1a72da32f744a04eccf91615

SHA512
ef3b2acc746dc86ce4e9d075c133e0b65277c14c6347526e25ad5ede7a0f9403478a5fc6a2a19babea02012b5770de1b7484e68c1dec64502d362f8197289f93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000105

Filesize
31KB

MD5
00bd4556d9672009a7cce0eb5605fd1d

SHA1
e6aa062aa34cd745dbaa2b0fb851511a5ea734dc

SHA256
11e4340eefdc92053fa38149176a0c17f55472b8fd3897426a76050aedcb8621

SHA512
34f87481e0cfbab27750b392d885092bcd6e11796745b5ef7f39e9564b8d29d169cf8d72795e45745c366c18057d02120726951d2729c699bc60e6518499536e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000106

Filesize
20KB

MD5
6475a4afa02878aba743451522eb5e43

SHA1
c0f8d41970f233ab9fb258b06674d1df7bff58a9

SHA256
db13973812c4dd5f62d6885ad06ed9d86f59089de6753752618b32be56d72fc3

SHA512
a016fd71ebd5c38cf4c4f4fcff4d0c555e86ebc201b8da4cd29e5f68162ede89922458495df44b05347ad62c76ee9f82f3147bfce1e5b4bfc5d55332de3119df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
2ab28c10fe7d1841278fb6922ea9c563

SHA1
ccb2b5671cd201bf81abbcf437203dc814598e96

SHA256
53bb180120d47ab87a24d4b7cf09c14048121406c4dada1697939230abfb5105

SHA512
7baab0125613fb94d2f459361c98d89a8a75d31e58ec190c1e517a11818af641751b1f71ac9b21fbb3af45ed0079b1752419db6ebe3d69f7228726fab6af46a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
e54565a853ea299515feab880ff9a194

SHA1
93b80c3a6dd82216d2f36d4559fa09eba53e22e6

SHA256
60370f7917f10fb825293986b7d861fe47a517a7bb107c43dd351ee952402dd2

SHA512
775c03d42460b04cccfb24962385700f98979f65bea976ac30a01fec23ccfaf7318df6392cb9e61e16c74eb17e20683033d5c06c5c908cb19cef8c77391a65e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5de746867f1e05d5063f64e35983065d

SHA1
f040fab6a770f254a91f7b5a1d79513e3c03ee18

SHA256
91704a02aaa0ef2b7e4f0533351ca86a8d26264ac5f03e3086f49fbb160ea14f

SHA512
6970c353f09218d7ed79eab4da3cbc2d9239875c922ca8c651a1bcce990cc271019d36147d33d220f0f12bbeec0583ee75c72c6059d4bd3198d12cc07325c0cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
a7d748b89b91bd7b80a5132bc4863b37

SHA1
614cc0f41a22d86357fa8b574f1ae8974e69a1a4

SHA256
eb283243efe867e561a18e16834927fbf2cd1dd3ed6f3e6e52049be28c6d6373

SHA512
6bf2a8881c2ccd61796168ea01da366ffa17eac75a3f7023549a091d1aebb38c0a513d15370b8f343d9a008a4679097f75030bd3259cdd03960f77e4b0450861

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
bbbbfc7f9a327d7cfb4e77f12bc14508

SHA1
7d7643c4f8f42dabe23d50071dbd035144282d78

SHA256
e09fb3ffac64e0d8d89b230f5cdffcfb063230c23079a885adcb0b3365eba0b8

SHA512
cad6524d6f8386c10629e7c0209b59f1650165429206c58ce04283c1a8bc185e399dc7d0d0c0f892de2000b6193e271321fa02a63343e7a2795479fa5a8e8edd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
e46786faed356cc89ca1819f65c183b9

SHA1
666c33a13803d76099c103f98fa79bfed5da6be8

SHA256
f3b28044f93761857023fc66cf663cfb30d555377c7fc136b3fcab6ff95b8844

SHA512
b3570aaa6d0b185a57324a50014851c84540d818b8e16ef4fdeefc48dc2dfc9e53cdfc3151cbbb6bd4be0f861e48a66787b0b92f870f6aa3efc90fc873b9a723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
2KB

MD5
147bdb39950d6293558a707f38eeb914

SHA1
bd65ef98c57beba83d4f7c4eb8b2cbdc8030f783

SHA256
48894df3bd75fd5eced3099066c025d0394510275afb1c21bb0f2d64840cd272

SHA512
8383c6a3fcf7d0836cd464bd599e12a7c81bf5bf74c2cb45b618aefd4afd46a3d9fcd50bd1bd41d6d7241d4b8a3edcf9ae559f8b8bef4aa8781fa843aec48f61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.softonic.pl_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
7KB

MD5
b946f96ab5e0839722fafe461024ad0d

SHA1
38573da1893bd5542f860262a3e7cca391f476c4

SHA256
44fb8c980cb80f44ee8e96336cd30d90c9eadd65089930ce46d120e1accf36c1

SHA512
729e113f183db83bdd409da21d58e12d22a3ae5279ca4cb8eb66f649e729ddcdbb990ee8fb78ae2ecfff5afc74af04c7b9e454a329bb60337fafd2c7d0519459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
f5e08370f0a154ef13049af46cb24a5e

SHA1
275b26dc44630715a236cd939b32076797c69505

SHA256
28af591529ed91189eebee10fe2a440e1b7e69fffe195ebd95c13664774e3b10

SHA512
7757935375c7146adda5502f3c9b67e9a82456afd1ee4f30c30761d470a4f9735dced2355c0d602cca9bc0a98c0ee1f6cc000c0685090b9b2f06ac2c9a8760dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
23KB

MD5
aec7e507e64146453f32a48940ea9115

SHA1
f39b4a8b273d48d54806b310ac0eeffe94a92bb4

SHA256
9839563b2a8769f6c356e1c3d978eb2d05612cff911a694e9a9f515fd31dc408

SHA512
100749735c4c9b5010b819ee3a7608b18a9e03ad0f87707767c95704429ce94e259918efafd141a71843dff2cfdb92716e21d5d1f3627ec643c13c6be72dd92b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
73e8c13ccf940fc3302b54c790c70212

SHA1
f12ebfb6922e68dc0f97b4135c2ca46285b5336c

SHA256
7fd67ea2760c3b4642b7323af77307ac7d3ce404c8dd3e66aa0c2348a653f56f

SHA512
09224c207f45029d2e3aece666b822e0ec79c58e6375cc32b2fd0d6ff7c92b33a55c03605b25f088e68f3e773cc139fc3df512cede114bbd774f1e4b1a6e24b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
f386020c5acace9356a388b1e39b9bed

SHA1
4b1ab3c9f08bfcc5b818f9f93c4358c0392825cd

SHA256
3251a79e746c1cfc987ffa9371ad1692f3ddea7f1ea1af247cc90b7587d81512

SHA512
5f1c24a05bb3eba19b77b901aec5d7c2b36d3a2166f71f471fbcad3e733f912c6eaf750924ad0e7271433389f09d675434296b7a438e644c453abdb0b5cf44d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
7ee007423a8964706a626854a5a4bbf8

SHA1
c2bb1941e23f88afb0cd325c895d2dc80091f343

SHA256
441dca6838e44966d7c23022c12eb3a5a58a48db733734de482a9165a7481039

SHA512
7ec4047c469998793ed87f21f34006035d6a80efb08f98fe68577cf61b552f76046fbdba2efef32991e3dfd7429eba02c5faeea787dc9535002cd36c8fb83ea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
e3409580d1dd025e36335470e981c435

SHA1
e25a0dce584a94ddae049e1eb850df8cbb1f7919

SHA256
ee4e45bf650e90ed69a9ac005c6a02b38e1bfa60bbc7ac5689fa614a1f811108

SHA512
129151ab4a792f1dbed14e17999c8155446fe433ef15bc7fe90b277a2b8ef80b4d37f8c4657e9a0d64924e1b334d0642501b9684b5b8c3b997b3ff2edee8e9bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
9c97971ead8d3031f6cfe19f8ed22493

SHA1
335d914c90533968e593866fecd9189e57b04a7d

SHA256
bcd182e17ca03c0ce3c32709d7907b53c6c5ca972d3388783db49920addb2855

SHA512
719f84d55a62ec6525649fc9c8cf47bc76b5bb84ed430acb369e2cffd100c48413087ad6e224e48b5c8498dc4b5d2e005eee907cb1f1c2f0b9bfc6c97c5c81bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
40995d59b430601bf044b0ccd9dd869b

SHA1
d97a58be399b05eb65edab078ef942a8f7ffc242

SHA256
f5d382ff762c431948931d661e69f0d4138db49b1d362974ccf1838a09fb3798

SHA512
2b528d4ea27a60fe4077b70ef6b255aeccef71fb80e63c435c7219aa297ffbf8d1fa03b32b6542fb2cd90eb08d350312424c1dd9c8166c2f49624554a00eaaa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
dc22d14aa1ac5bac794a20158fd5982a

SHA1
95371204f9cc162753aee8c43cb31ddd7ede5434

SHA256
6b8452f6ec1473e0e385b77219b0ba6f5bfb3584bcf71feb35ed814c5eee3050

SHA512
1714c4afea114b518110ca73ac14ae0cbeabe25f8c835bd6f81b017f05cb0d74970d07e889159446d4017e53c64eae607dc89cb6e42d143d855755f01c172ed0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
4c265f0071366dc1361d402e6ee8f1b9

SHA1
fb282a570154cfda6a52ef4d29b5a88ad27d59ad

SHA256
403b91e617fed268cdd1a4ec05c22a77dd58043e563cd38e2ef74d55a7ee3196

SHA512
6ab696a251d64eaa53b494099e47dbdd8dd891c354f5786cad1ee409bae9a5fc6ed016a42907ad85855e8ae6f3154a340097dd5880a8fe2de4c1c3e1ea983115

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
0f0f5a6c4b101b8c1be9a495625df893

SHA1
e94f458829b7ec538b82f14030924a9543967430

SHA256
05036d45a5c8d47084008dd090cb46484226031ec8d3c1224f42f88416d03c79

SHA512
0d35fcc20f010504031d572d078499297a22f9ad8fea81e80ebea7cd13f09e5eb82329f59aeb30f8a85dc37c9f90857c1181f969a279561895742ef116ac3de0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e6044b06319a18199facb71fcb7f1887

SHA1
7672772a94dc355fb6f5f64a851d552e212860b2

SHA256
495ecc522a17de4200c6a3d0f7d22e7f65c44b0bc249376e383928756f50526f

SHA512
e2773987107724d814d77b097d38377d9218f7424b9e0cf8a20844c5ac624c9d851433d4a22704574c33f4e633c12a5e12502477bc4b9849a563a4adcb1fe243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
2KB

MD5
123abe89f68c007f159a0ee1c7f0eb38

SHA1
e3716d27792bd8b4a77a0d8b729dce76d69b8f75

SHA256
cfd9a6e57121af76d9ec33003c412f50692f3b73f0bcf2ff4aea84d85a91ed6b

SHA512
a1d7353c901a1609df1e804b0cb7801c8af93e00e54511dd5bc3a97c02fe08a7f20afe153e8205a2b076b185a484ff108603942e74ccb9cd2cf0ce4371078882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
295B

MD5
3d22ed27113f3019224b531de8b62cc1

SHA1
21965aa7aaa900cdcbbe4b89d41f58ee58e429a2

SHA256
c2a46c67502516292018b9cb0ce848839744c8497903a9872c50fc00d7fe2a3c

SHA512
de90e46682ac651e216886ac27ef3ed89a88ddb7a9d2d7c0bad1acf423a06c99f151c650507f0ae7e882ce7e94c9de62c2ecc772921e36b3549da636a41abf41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
120B

MD5
50c9dafa632d76d645b3f3df533dbff3

SHA1
1cd48f782ae0425402d2cd8e3a788f2e6af7f822

SHA256
4c787ca2760f26bedca40c65d9f6a9502f42b086206339b8e254c98925b5be79

SHA512
8c08c510a09e912e79f66094d29fe0e445cd754815740cdd3c24c27297dfe802556112c32130fc3b70b67904d751f4cd824e1922510a873be69adad46a9efd5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
06464e27be38f9ed3c935927f8f422ad

SHA1
0236bfb13b4e3e56c17043e86fa2619974490d5a

SHA256
1a06490ab83e746e14385dbbb53219da17a958487b58a317bdbdcc4da6e6244e

SHA512
27fd15bdbaeb941bda667e68c2cc6a43041703c61af704d37bd72201304a0307c81eb34f17dd45e5f9903d00d86fb392f5bf17a9384c85aefacaaa407e328e61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f184.TMP

Filesize
48B

MD5
6c1e03812fbd9e7bf8fed308d1c17043

SHA1
ba0dbb4a25db3acf2a53582c2ba0e3d9491732b9

SHA256
a586c5171a7a40bb3327ab0956a85cfc40accaa1f5aa641a68fe252e6a571b3e

SHA512
f20733b3d24199c020be26fb53a5aa07eaecdc434165747820b064c2cde662b2dc2665444942faab6f4e83851f845cbc06465d36fec24c60d56317f6e3a2292f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
e197ce7d44850ae585d70cbc0eee3388

SHA1
cffac2c3be24009c9bcd2c8dd5bd29a75325a480

SHA256
35dec39936cdd9c3bd0fbf7557f70e8507637109d90ccb821f513b34f272a735

SHA512
14425203f2656b41c7ff206d151fc49222f5db67c4fe7f18728da0b81131289c292472a7d8d14d1c796d59fcc11e701f8b8fd2dfe1fab16e7f1c5cf0d2cdd39d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
f47b6cd7de94549aecde34da61969338

SHA1
e46450232b1a1aea1da3ace5fff4211ffccb1973

SHA256
9c4d990cbe773764122c75d462a99ae1d4bc340607654ad26321f80a50993112

SHA512
9f323bde7269ccdc1c8ebe66adbc13238e9450c975eb8513c960164a08d6ee5444e27f57113f82005096a42eef4e09bf5596a9cc1734e3743e3e8c8d7b3361a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13379446604426623

Filesize
38KB

MD5
2b4569e6abf5075727105341785a69ac

SHA1
f3b75da18476e1f158efeddf73236ce088f7750e

SHA256
a6d65329ef954730e7e7b59e822888c2dd89d3e067c7f9e65134782790b22dea

SHA512
9df3f72f08434e38d1837a690558699c5058478093ab39b3255489dd81fde164dc5ab7edbbd9d16dbf7686ec263a0a8b1389e9600aadd679469956b4e6c6a449

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
256B

MD5
627ca5806caede975f5594db228bb9be

SHA1
f06d767568db341b47e026a2c30df80feb17ba0c

SHA256
ecc9f02383b467bb98f4268caad1970063b9680f15c30090442db5f6d4d06093

SHA512
4ccdce3607f59aa29ab6c2574bb2bdcd5c6f4a4610aaf96fae12ca8b8868da7e152bf35945b6dddc2bc72867de77f3736884e067662f440252521dadf22a5e2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
53e8ea4dc26f63b0106a6d44aa1b0786

SHA1
b3984dc14a5000927a1e7fc12e4c10326e65c685

SHA256
b5ce1b1a98c94092be50974bec70ed76e6e2c0495ddf80d90a4728dd835e1259

SHA512
cf56ace4e241bf471b0ec638a89d08b614a78dc37e3a23693eedfd7b7ba0c91a97d0483162dcffb4eb9e77825636e2f6b6412e58f8e8611f0cd9df30e9dddc61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
d153c684925e2eda32ef7ab7b3dc9c83

SHA1
5d9a075194e68d88b0f01721f03ac5ae612947ef

SHA256
d719e1e96aa654cdb74c01834e5c2678468d7c853eba8c23fd9d361c3a57bb6d

SHA512
54aa28ae95afcc83bf5c54527d2ee1cb06fad4cc653463def544a27b3f2f9e550967e1dd437a4926f1cc160b685d2db2133c766ef0b1d165e282a44d436a8f5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
0b4db8bf80dcb3a98f99cd3b6fc6d11e

SHA1
83f23a466ad8511ed04df618067e342bd7706bae

SHA256
d17a9093e430a8ac6f9ef277ba3ab993f9453156d8154cf0b8bb9ef7070112f0

SHA512
5df66f8019d1aef8bae605ae82fee991cc4b2c92064284b8336277f6c333eefa75279913e994e5c45db9cd29e0ea8ee5fbe63f934a7b2abf546d46d6dbc24fa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
46818e27f05f780ceb22ed9c0ec79880

SHA1
6dad8d3aae52f8f0260cd4bc98396f30b3887b56

SHA256
7f03ff3c40ad83e92ec4f20d1ee992c49071a361c24eb3dab1f2b9efe2acb545

SHA512
9eb2854040cc88b502b8233dbdfacb52f8cdab927ea841be57b68673a924f6f684c7961ccfc285e3d4fd51451e70e2dc06860ace0e26220ee8b143a2f797e684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
70e631a0c67a67885b59c9cc8d943948

SHA1
a9e46b0bde358804ab73bb860c419d311f5c0444

SHA256
a6a256641bfba9ee9ee9b0d3afd052c8c635ae84dd8b4d0d5e26b204322433b9

SHA512
52881efce46f5f72956b002e59530f0c5c92e2b395d5c4b67ca29f4e00e670c39741fa6d14256357a4cb460c61af31ceca9003e13b345c8f4fbb2c86311adfc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
0faf22c3d91c9f08a81bb0771ffdaef5

SHA1
f183f307aa2d444d48966abca7e0574f720bfad0

SHA256
4737306c704c0a0a64d45ac126056e9e4fbe73efbaf5c2af311b0f4d7568e8f2

SHA512
075ab9c7f611c62cd913dc627994a8ed894cc150aa3b987a629c415f03450e21590c70353a20239baedcd380237b1f25a7d506d1880f8bc26922ae8faf889b5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c77cb78127735354eabcd2ca952a1945

SHA1
18ccd652f653671dc272cf4afd513722ab50c5a1

SHA256
9be34a82a877493dde7f1ae315ab51198ae2d2b495e4ee01877fa41e5ba351ec

SHA512
6fc9d131688a83c43c2cbe6eb9f91e58d3af2e3ed0834072e9c17fb44510af8d0e654c8a0b0103767ce324a303cec6a64bb782a3fa5a3a561d153c25be94f526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f1b3.TMP

Filesize
2KB

MD5
abbfee32f99bb48ce0fd4e6b2e10bd5b

SHA1
b052975de1c43fe1ffb33cad8231b472a7dd2d1d

SHA256
cd4ce3d01b152069fb20762932de5683d11d142eb05170c6c1115ed3a46288f0

SHA512
d278c67f1f69083d44923a182821d18222b45ba0b84d21745e5a6038e5b031b052f21b893bfb9ccf5c294a98f8de35c15ccda2d3f38b25d5c0b0ffd25b0275e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
3a921976cb7e4d878344d262fc0faebc

SHA1
d66dc9a8d24b9efc24ecc74c90aced5a8c28c5fb

SHA256
ff04d2f73d71ac4512a09ed895e790207189cdb3bca90d1bc1a3a84ad2d822bd

SHA512
c052d1d39aec79d00e0f9a3845845ea32424054a0f223754248833daf9e9d4cfb293d6f5869cd4642634c40e5bc97f6705a9216b11b40c513a93074e5aa50dd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
152KB

MD5
2af928b395175db33216facdb988edb7

SHA1
6657fbc8afe0d5129edfbebc5024eea4b6d1f62a

SHA256
2db2c14e55fc1201af10428319f8a9600e494b214acd58070164d7119ab95e53

SHA512
b92d3b67be865ad1cd2e6f6e1b57e146e33a0d87ac9587360988d569190a866f4985be6c601cb9e735832906c3848d2ff65437225c188d7b414ea03d488c0e95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
4.0MB

MD5
cbdaa7c91d9d7dbcf9fa3c9b0c4ee71a

SHA1
182113ae70850e99eb5f59766dfc90cf4904b347

SHA256
e2518771b20e93828fe1eb1c2c41daf437c518866060a7e6b13ddcbaa1393cc7

SHA512
6c829e65523efeef8fd1e7c5a2c36d3c18fb2d044e1c5f240833dbbff8417f085c4de5832688355aee1c7e7f5080cac44ccc499179c9747d1f3c67d5e39de0b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
cd6df8ad3872c0dd5c20c4051c521859

SHA1
054db673ad4598ea5b27e219ec382bdce2b24fd4

SHA256
ce98bc31da1cd136740862faf93ba525d6ea5d526fe65936f0fee6f4a795dfd9

SHA512
59289b4f760b08ec438977beccc481ae1c260af603f708ae7a7be24e55503c3bc8d95a7308a08fcc716b5c815ac3746ce87bae12d56bc7c61bbfc168eb8e6cc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
194B

MD5
a48763b50473dbd0a0922258703d673e

SHA1
5a3572629bcdf5586d79823b6ddbf3d9736aa251

SHA256
9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd

SHA512
536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
111823b880a24e554b5e42ef9cb2112c

SHA1
09042d61a45e7ab7e221c34cccd90686a0a072bf

SHA256
3841a616d8a88ed3d22d1fc28bdb28d04540880518f4f714c4470b680e207847

SHA512
f41d06412e0d071ab30b82a3eba38d7faee718b9cfaa806c55a9bdf17e94cac8bb4d8ea1c273fe73f2cf8463c621f50927a1df90b7585e2c0e3ccd8f6f62c2e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c28b95be51ed54091f8ad0b0092e1acd

SHA1
1d3ce56d4d7495e678d12446adc544e96827bf40

SHA256
d85d5f8b6aed0bc9eb71c7f9ea9f833e2f5b27543b2d4584d282b4f7e1d480b8

SHA512
e618fd3c36cc9a90efa3f59dd1e5a074866c8c876571f1273a9a798a21005f619e31cca075da1d9a8155e1bcc817944bd37d16360eb81a5b839f7e2f43049946

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e13394ac-777d-4755-9f2a-5bf21f03402b.tmp

Filesize
10KB

MD5
747a11df0fe7d18f25f27563b4a0cad7

SHA1
dc127e46411921480d9ae24efdc27433fdb0f93f

SHA256
270f4e92b522dfb3721f865f9ade5f3c6f62082ad081ee4b172a8895951d166d

SHA512
7e8e05bd7728886b3c1c63cc06e12deb4e3a5f5b38c78ea78686fef54eefed14841d3d26d00682a0c9690c0568718e8bce1595c3c9d203e5664ecb983d0842ec

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
0a626f098c4e5812183911bf33b64368

SHA1
d0a199ea9003adb349463aa340bf8dd14ce4810f

SHA256
b581e2328f0ca065f5e82bcf9323405074692379b16e7f3550c825f737bd258c

SHA512
b7d11bbfbe89d43582aee6444218d80c10d0709db2d61d8b2e011fcea0eafc358a9f80dd81099af02562154dc6b85658b82c50ed77770ab60e9f1b78fa1a5af7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
9b8649a15e33e711768f379bb4847371

SHA1
4798f513095493e085e88cf957faf25619fb21f4

SHA256
30a9c8161fd0c034e7933729e466336d7dabddc83f88e6d601a52f9c18dee27e

SHA512
3c727d6d730d76ba8823739187e67bde93bffb6827acdb27b12769ed1adb03a0b4728260919448cfc3de34375387e7a8d0a8cee98cdba873a8c03d31702df761

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
83e1db5f93cb446bb7675d5a94aae027

SHA1
6c343ac847459ab3c8185937bbb5b254edbcd671

SHA256
8c2684424f09f157ab6b4449139a45b7ffedc2ee44f716b669f55f7f031946b3

SHA512
b318902bd42d203ec0c3654fba024eb17bb11c626de59135b2e3de5f2f6a1f6db1fad0c6ffa6ccd5d64c28c88e378569ae37107ed6fd79e1bce14a37884a5634

Download Submit