hxxp://store[.]steampowered[.]com/sale/blackmangoestorapegaybenceoofvalvesteam

Analysis

max time kernel
331s
max time network
331s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
16/04/2025, 13:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://store.steampowered.com/sale/blackmangoestorapegaybenceoofvalvesteam

Score

8^/10

steam discovery phishing

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
366	652	msedge.exe

Executes dropped EXE 1 IoCs

pid	Process
1276	Free Minecraft Premium Account 2013.exe

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
48	652	msedge.exe

Drops file in Windows directory 41 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_1776729095\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_1183044567\deny_etld1_domains.list	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_784052561\regex_patterns.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_1764967787\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_1280779204\kp_pinslist.pb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_1183044567\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_1764967787\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_1039310208\typosquatting_list.pb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_1039310208\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_784052561\v1FieldTypes.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_784052561\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_1764967787\typosquatting_list.pb	msedge.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_2094472133\sets.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_521604090\keys.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_521604090\_metadata\verified_contents.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_521604090\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_1183044567\deny_full_domains.list	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_1183044567\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_784052561\edge_autofill_global_block_list.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_784052561\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_2094472133\LICENSE	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_2094472133\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_521604090\LICENSE	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_1764967787\safety_tips.pb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_1039310208\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_1280779204\ct_config.pb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_1280779204\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_1280779204\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_1764967787\_metadata\verified_contents.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_973473675\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_1776729095\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_784052561\autofill_bypass_cache_forms.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_973473675\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_1280779204\crs.pb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_1776729095\protocols.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_2094472133\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_2094472133\_metadata\verified_contents.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_521604090\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_1183044567\deny_domains.list	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_973473675\data.txt	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Free Minecraft Premium Account 2013.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133892823549651545"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2123103809-19148277-2527443841-1000\{F17A2FAB-E104-41AD-9222-F24457C3B46F}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4820	msedge.exe
4820	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe

Suspicious use of FindShellTrayWindow 19 IoCs

pid	Process
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1276	Free Minecraft Premium Account 2013.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1172 wrote to memory of 2928	1172	msedge.exe	85
PID 1172 wrote to memory of 2928	1172	msedge.exe	85
PID 1172 wrote to memory of 652	1172	msedge.exe	86
PID 1172 wrote to memory of 652	1172	msedge.exe	86
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 4108	1172	msedge.exe	87
PID 1172 wrote to memory of 1072	1172	msedge.exe	88
PID 1172 wrote to memory of 1072	1172	msedge.exe	88
PID 1172 wrote to memory of 1072	1172	msedge.exe	88
PID 1172 wrote to memory of 1072	1172	msedge.exe	88
PID 1172 wrote to memory of 1072	1172	msedge.exe	88
PID 1172 wrote to memory of 1072	1172	msedge.exe	88
PID 1172 wrote to memory of 1072	1172	msedge.exe	88
PID 1172 wrote to memory of 1072	1172	msedge.exe	88
PID 1172 wrote to memory of 1072	1172	msedge.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://store.steampowered.com/sale/blackmangoestorapegaybenceoofvalvesteam
1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2f0,0x2f4,0x2f8,0x2ec,0x300,0x7ffdf24df208,0x7ffdf24df214,0x7ffdf24df220
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1828,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=2808 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Detected potential entity reuse from brand STEAM.
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2668,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=2608 /prefetch:2
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2244,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3452,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3468,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4928,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3484,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=3716 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4992,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=4652 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5540,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5576,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5576,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5444,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=6152 /prefetch:8
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6032,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=3624,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=2908 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6652,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=6668 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6660,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=6760 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6696,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=6416 /prefetch:8
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6740,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=6804 /prefetch:8
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=4628,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=5032,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6632,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=5200,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=6272,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=6056,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=6896,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=6904 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5688,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7036,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=7256 /prefetch:8
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7180,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=7260 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=7296,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=2916 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=5124,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=6532,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=3532,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7432,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=7340,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=7392,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=7248 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7956,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=6332 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=7980,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=8004 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7968,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=8336 /prefetch:8
  2⤵
  PID:1548
- C:\Users\Admin\Downloads\Free Minecraft Premium Account 2013.exe
  "C:\Users\Admin\Downloads\Free Minecraft Premium Account 2013.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7812,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7908,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=7380 /prefetch:8
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7860,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=8144 /prefetch:8
  2⤵
  PID:564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7604,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=8204 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --always-read-main-dll --field-trial-handle=5936,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=7840 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --always-read-main-dll --field-trial-handle=8012,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=8548 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8532,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=7852 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --always-read-main-dll --field-trial-handle=7220,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=8124 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=3300,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=7840 /prefetch:1
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7992,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=8404 /prefetch:8
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --always-read-main-dll --field-trial-handle=5700,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=7800 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --always-read-main-dll --field-trial-handle=8516,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=8096 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8684,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=8064 /prefetch:8
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --always-read-main-dll --field-trial-handle=8204,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=8740 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --always-read-main-dll --field-trial-handle=8928,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=8060 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --always-read-main-dll --field-trial-handle=3292,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=7880 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8124,i,8808136014689729289,11996581002385601373,262144 --variations-seed-version --mojo-platform-channel-handle=8772 /prefetch:8
  2⤵
  PID:4420

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4920

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:2156

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4 0x4e0
1⤵
PID:1956

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4448

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
7a1f27120006b9d40c8e06e1e06f7db1

SHA1
6c384cdba5a61aea6e4c9a4c58aaa561a276a2b0

SHA256
75cc38eb1e84977dd8c157a851941dfac6d4334c66e86057512802d5acc0529d

SHA512
827bf560240b3e2d51a186dc32bc67c4ce31c13ff511d6bd84f03ec6187d211439f0cade5490e2c601fd26cf79af746a381357ed7e19eef9147fabc04db4a240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
7da492a02c29529dc0ca538b502e3379

SHA1
cee6a1b81936f6a20f1c9c4f35c29394338ff54b

SHA256
553164a83cb91c4905a86373c61bd899bc1007e7719791878bb95290f1f27f36

SHA512
3a1aaff3da507ce35c4e06ff9fd2516c65780849b24fab33417da2e799e20bda3594e5f2f32b1326dd1d3da560c76dbff1f626c147e99c7a990fe09ab0a2e89c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1179bf01-6cdd-49e2-b994-2653f9ca618b.tmp

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
357B

MD5
a8a03633fe0b6e2ddfaad7ce632a9267

SHA1
f1aff1923ba5341a0196c7f82626ebd69f3af611

SHA256
7fe1463a1cd98786e5d8a292fd637bbc7e912a6e63c298d8e9d024422977fdfd

SHA512
2b4f50b6204927a97df5b8c0d4161091259bb5737746302c2c08c655d053dcdc5e28c2a6bc538e914b5cbea0da43b1dd440b3e40faa7d47ef5186dd973adf712

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
331B

MD5
ccc553aa13a6c6532ccd364e1c942200

SHA1
776ec99d43c23beca8ade3ad8fd4797a7b818f13

SHA256
6703211abdb7d35ad845e3d71db08ff04d9b7b4ddaf39d3d9f937e3b2a4dbb70

SHA512
fd3bcd1b9923ca4fc88381a911d8755b824a0e500b7602c1efb52359c64a961e4d8349476694cd4a628e7c926c1819db529714cf8f02949fecfdfd998d9c7b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000f1

Filesize
50KB

MD5
0b6d56b5bed1e51707032eb03cccf94d

SHA1
91c51068826e2f90d85ad1e5498674eeecd34024

SHA256
8cf962dc7da03550a813a547792184a7189dbab2cd6f19d30000348a07e600d7

SHA512
adb6e58d352c7efcf2af1a8b1db6933def590dd6c6525c7f9b880aba2c61b20c63eb0e8755f3387fde3d059210869c4569bdde5462346b2f39f0ac7a12cc1088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000f2

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000f4

Filesize
70KB

MD5
638b28824ff7d2a8b5eca31267ffaf3d

SHA1
51c91fb5de5248d6dbbe194565231c4bbbc197fb

SHA256
a2477313b8f9735a83fff20ff6624d26a13c893601a3cf6148bc997022913011

SHA512
0eb506d4d9f7bf3aef60dc2d69135a1eb6c9748eca15f721cf5310a7bfe131e21c3504dd75ad986ddfcde907cedd8522caa64845de1794000c2fe7a477189af5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000f6

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000f8

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fa

Filesize
26KB

MD5
1ac60f4cd693bf9306949f2f672474fb

SHA1
000445128aada9c409260996bfb105fe5812298f

SHA256
3eafe2d655479d96ad99e0f64a341dfa60eb05762cf5f71ae01586540e8ba7dc

SHA512
d82e758dc58c0f2386325cbc94f192b046e3054c770b17e4ea4076d1f9921ed14eef214ea632f0bb88e9b21d7e69c7973e36799f88e58d9e0db15f7e4f70f4b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fc

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fd

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000101

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000107

Filesize
278KB

MD5
71993400dff8f5e46aab6bbb6d1fab4c

SHA1
a24dd204d4433317d15f37f5907bb8e3d50200e5

SHA256
c48585741c5730ec773d2bd5392d56a65bb06e55e5b53f48464c073cbc6aa2d5

SHA512
4db1d53d4e966da64dd372b82fde9282665b09c3d3ba5da1f61fe4c55a059e976e5ede77a2c661e6d295723141d662ba1d35456ab0ec901142ea202148ba2177

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000108

Filesize
16KB

MD5
5f65521f6c6223e1e18cb161832bea2a

SHA1
f03800023e7bbe2579cd24e122cdf8c6ecf8b4c6

SHA256
787b69b93681cf41784dfa8655cbdafe8a56ecc62f0112a6ea2241a284a0e3c9

SHA512
4aa87e0f16d2be6398849314b375b865a8a3b2287dce712192f234ea8ba2222720555540cb8f20b9df36e6a9dd6b84849450ebe611a772ef488f89082802fd79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00010a

Filesize
75KB

MD5
f1ce60db62e40cf6909e81c58cd22168

SHA1
2ee14a8c6f61afa4fcee99da71270d268eb2666d

SHA256
11963d0843260fba3b2a851684eb161f659ddbefbb33c43fba20bbe2a8fea1d8

SHA512
360803f5ecc04ef8fdef40719993acfb0b53e11c55490166e432540156d1e07faf196e19d43948db0f3e96131d36e614ef639023356a60a9c7a6a24aacc1c35c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00010e

Filesize
23KB

MD5
d06ae7937cb47cc2cfdea9efdbc6430e

SHA1
699c043d0454d421bfd03f1ab5b103b4f54fa793

SHA256
7568b3ff7a6ef8f98ea849ef4d5bf6146d18d74df038fd8e9254117a410a1e56

SHA512
5b002497b13d9ce4544429363382ad588e8e87d958c98f7b85c715cf075e322de04981ff07e294f826c7f1b0dddcf85a273ba01a0c4e3fa82a3ea41d1a298292

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000112

Filesize
116KB

MD5
fe6df5b8b74cf1c9640a87c2ba5d1118

SHA1
40661c364ce5ef7bc00cc3d5bbfecbf91a805774

SHA256
3658fd795ad1f64c79fd1ae77ec23f72ee96e8775f11a15f1fad5faf3584bf64

SHA512
986547637a8fe068a5917b9f8636aed413d288402702afc5f5645b63ff6cba2ca23c5cee3bd4378371962d09d3ecedd1c4595dd72c6d9a5296b1f939ea71187f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000117

Filesize
21KB

MD5
ccd9db843300d4ca9cd5166435f8a8fd

SHA1
87a4c064e84fa316fabe125369c3dd62be1e9a0f

SHA256
97a154354a250b1d8daccd2f586920c7fea39a285f3de5a8f45c845b541d74e8

SHA512
caabca890ecaadd98c65de032f13cf1778e8c650973a1c4d0c793afd9399d5429b498311247d633069ada034c4593180a6ec4706c9563d6908c1ff7dd0925c36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000118

Filesize
18KB

MD5
4f10dea7e5bda44769f11a19c2264cb4

SHA1
b28e3efb06290b837d34848e6408b6a4cb333c33

SHA256
b6805f8b0bb62622c4b23cb4736cb98813daad11b0d9fe266e45db0dc935099b

SHA512
0ec386d3b7cfdf981bb9032cf9df89b26223309cc95f6120af8d72e2e903a9015224863884282141134d72ac81f91188def5df0d7dd1dad9d26efaec96c63e1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00011a

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00011b

Filesize
34KB

MD5
ea9b0615357c00e823746205c8e079c1

SHA1
aada167570f7b162c9a69ce5850f223cce4dd37d

SHA256
ae5597e81da4f45d05b730bf6beeda45539245a003f17eba185cd1e97cd2bd26

SHA512
15bfc6a7a05803f74bec51edf4ef9262f820ed06a20b60d1498e0a659a0bc0b20e00ff4d3bb1c8c50075916b759af77b72dc66c913cc9a6de7299422d2172356

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00011c

Filesize
137KB

MD5
1fcb83a842b0bb463d80360cbb2e41bf

SHA1
8034feaa7e9f11b7feef65f34a7541f1417515a5

SHA256
d2c6dca45300a99e2da8be3d6f458aa27400d16ff873a41100ec60dc575b14a3

SHA512
54abb66a49c24a43cef6b0e536b7566101a6e40c0bed552a70bac98564fa40424bd2cea00649fe7047d8ed6ba058840349a6372f08c1fb832a1581b687957b95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00012d

Filesize
118KB

MD5
4c7ec3b0da75b133bccf37fd6587e5df

SHA1
5621a0f460d1cde3dce75a8ee61f64d10ded8e30

SHA256
9be5fdecd5896d6978a402778ed42653132362e5895e676a875395be89a6b42b

SHA512
2988d3a40e4f1e9bcfee26a362ffa5283dd4452076762775c6db597ea5a52e5807d4368564406687eaa4556ca826a0b8e1f0bc18a99f8d206bfa4c5b26eeae9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00012e

Filesize
41KB

MD5
9982c7f6aedbb725a710ed400da71321

SHA1
76068aa66a41ae133df7718131d9d4404cd315ac

SHA256
84dda457d2205fdd8e265e6e774c9b8f67513fa46933aa4523694e165e720b63

SHA512
b23be61ca8945bf9b8254fab3ba4d7330fd540e60891c4f41f32d5b2101256d0176da6e7abc0ffc14d14e4ff75eac747a118efe1653eca4b1564d744f85b95b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0050cab9a4ce535a_0

Filesize
244B

MD5
612a4b306d78bb92de76ad90c90aa734

SHA1
70b84344b962e6fa490bf83181f382f9ec926c69

SHA256
f7e0183f5977e91d13360f59bc15e583d714fa3aac629cc20b16dcf52ffe3c03

SHA512
0c9e269540d4d94b6b80b084048ac404cf315e968270029ebe5db7df4039b42e7e8c733295c5444e3147dc699930bac328d35054ab7ba3d91aca984142df8583

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1338bda1f5491fb4_0

Filesize
390KB

MD5
5147777632fa8cace7f52357dbb10113

SHA1
dbf50b7dfaf5c840895564d29442743d330886b2

SHA256
1347ae72b4826da271d10f27bf09123b36f6664821df07acdd03c4c161293a3b

SHA512
900a3539965bda23cbd4cd3e7bcdbdc2065077eb32cb708323df22b3f5e19f74425c58e4c553bfe6cb70770d4fd9a1a34ed67b70c4f20b7b7e55d52b6a9b988b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\163cd041e227ffb8_0

Filesize
5KB

MD5
6024e4874d6304dc33b9f5a00ee16bb2

SHA1
6c7d1d0a8bb5489672a8c5781c8f318851220721

SHA256
1966c2ceeed91725ed0890e694714b614cd87ed4c24027d709594d8b22ec79dd

SHA512
ffd0e198f74f3e61330cfa0757bae5403fb5d10e039462d0890dca07d23dc12c5816b60c8cf4b302e4845c48348eca7fab7e223e92de08f1a5e6e9f9a5961998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1d6430ec6ca4b13d_0

Filesize
285B

MD5
f80477398843cde2532dc86cea338141

SHA1
1f1b478df444f5a769815d5cb4dda50aa5867744

SHA256
f1f1b272673cf654b868f9202c60d535937d74d32724a037865d7a94051443fb

SHA512
021ba5556a24112d94144c862ace6401f4e1e4eeaff74221d880e283362b000ac2c72ca43189cf94a8ce18287a76fb2e9e036fb20706187f8d6dfaed2b5fa2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3953938072bf28e8_0

Filesize
9KB

MD5
1a5726bccf53ade0ccb6436015ac6f70

SHA1
85a438273f31fb33520a180ffe8e70424650d7c8

SHA256
b8d763a8f7f335f581276b5a1f25f45763c734aa42eb8703a39dfedb4bc96416

SHA512
d5ed374271df8b94cd6d7db69f3dc5319fb98f5e1ad02366a9c609c1a871085958c2b1d7e6a3cb2ce81859690ceea86a40f666b33134aec8219ded75de5e4820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e8337a305cebc8a_0

Filesize
5KB

MD5
6aa853abb87bd054b8be1b0b08701892

SHA1
e86eb23a94e52eb08e6e41c49d4d08de808571f6

SHA256
234191c1a283e0522df3a29a25be06f8f80ea6bf46896756a511000e30288551

SHA512
8d86f7a83e723d3a12341ae9385d6098be6d8ed8917818e2110156c5a753ab434ed961a659025a4e3c22a4cdbd1aedde63aba7ede94718e19ad7a9b99c9d9b0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\794f5ed66704c1ee_0

Filesize
1004KB

MD5
a833206f7071dfd97ec28f647e3d9583

SHA1
572b03ad2a6f53941cfd5d776cc4082e444e95c8

SHA256
443243446c6a9fcb3c547197f296e7ba3f6971973942a5701a98be5407c12068

SHA512
91cc38f11b48eb62c054806e3798cac5bc1f7516fd3c74e51569c0f94a2e5aaf756ba939a53e1eb16122f615ca9de3e00116a428ce7340873fb6af232e21b4cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9066b868e207703a_0

Filesize
253B

MD5
f71a9ab540433576f305430c55396611

SHA1
b69c6ebdea82261bad8e7dc175ad728255d7d299

SHA256
0ae7038877f33a2b804ab8517df69e096000f4d5a0222ebd5c94a52d8d088c50

SHA512
89d86d7fc9b465b26506de7cb9843cefd0275089d9cc4b2748ccf5e9d9897eaa19a20852e5a11be02bef4dd8726cbf752817e448cc5f9591def54215466b67b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9ced63b47965125b_0

Filesize
13KB

MD5
fe3fda48536a67a5bd110a96127f6ee2

SHA1
d6213af572c4a897a0a1a53018238206fd8a4cdc

SHA256
9ab6719795b6cb578758714e98edbc10b7f1de7d67ea2a0e2c9c7b6783f0f49e

SHA512
367d7c48bfe3d27f425e47450da64c38781fe6f0fd30d7bc37683e047217f0ec2cf02ba98a4be2f20d358ceda1a45239e709b3117852130ae52473bfd32743e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a47f73d939d23722_0

Filesize
243B

MD5
21683b5700ad91b549536f391779018b

SHA1
d3e366a181abb76b377e2a2f18a401aad22988b7

SHA256
8635f03fe5cd1df919acb01ce1f6a1a799b3a0a7072421fede0ff3a1a35cc26a

SHA512
402195d64b7453a5c38117be8a957b01f88ec095b7b52a15304448b6a89a35133796a9e00b2f4bbf2312e6ae28a9dc78999ca24db9fbfafbd173c91fc0e332e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b6d8f3a1b34217a8_0

Filesize
290B

MD5
d9df1da1115aa1d275b658f17c804b7f

SHA1
c14eaea6ccf4a826121d1a025b9575476e0a1e98

SHA256
a592273fcaee949a4aea6327232c009378a0dd95c177285a40746f092a20085b

SHA512
99f7a78aa4a46e785dbe5c0544a5f3e504398269552863cf34032c5188046830901b5d731a82ae0bdb5fd29879565ae7d3c4b3f979e7a950f009fd0882237c23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b9f380d64f95e054_0

Filesize
254KB

MD5
6721a4b63e1dba9f1f763671f41414cf

SHA1
b74bad3df2d8b4aa1712732511ae251ec44d0644

SHA256
841bcef8a61430245caa006f34516b83ad9299df874c587d2439137c22222530

SHA512
b827d59d001fb4e70d949fe618d42d61ebadadd1c29e543dd7d20061c659304ea39a541ed42c931b7a6e44eb62bc331c2ad525d46453fbd908b653d89eabdbb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d618834697673edf_0

Filesize
5KB

MD5
df0dac9fa4e598f0027b25504565d22f

SHA1
ebf1443d2a26cc1a8ecb099f0196fbb96539ee6c

SHA256
3f91a3e635c9bb504741db0b04b19fea78f6ad88fd2415e91b1a33ada6db40d5

SHA512
66c77d6b0650972dcbe531a28c98cf5c96562886236b97ec7cc70c1cd1299a3c6bf665b1899ce9f4b06205106df3550433a9c9c60462321f6b3097558c7d9965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d9697f4e04c186f3_0

Filesize
85KB

MD5
0e302840d8274842c2761b16095e9433

SHA1
337bcbd372a669cf883132cc7d83ef2e0025fda2

SHA256
0607db8ba9b644a15e4bde5e8f272d4f9b3ec0159a4beee1aca1039d997ad439

SHA512
7d1376fb1138f2be5679334848f1726552f020d33c2bdfdca734c8dd27f7a40ba54b58a7a7e75504683e79b167d15aed718ea525d5a0630a8f54f39e87b7bed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f0d030fc1d2244b0_0

Filesize
55KB

MD5
6159eaaab15ed3054fec4ac687571095

SHA1
69a940da54d0bee8d40fc3f77c8af3aa6ca6ecdf

SHA256
5892a997cc855ebd22e8cc1f8ebd212296ebd9b59878e076938419d4b3d5c086

SHA512
cba0c6eedf157c177d7724d704fcbaed052c4d5071615188d4a8d7bc1adea068beb3ee36fcfb45a9f2909f30fb996c7b2eac09ab0cc34a8b453ecafb1e7aa5ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f22c121303db07bc_0

Filesize
3KB

MD5
266692752e55ec56f848783d75ad2e02

SHA1
f9bdd5bbe911d62118a5e5c850b9c7327fa79260

SHA256
f0a87c93a633c58957e2d5cf753b93611237a7fb359c3db560e56306e56ec7a1

SHA512
960b3be691f93b3c27af63546d2074672b4f4de2d820120d36c0601d65f60163d373ac4d3d942eed6e8d29d5646f3a72b2dc9f3b39dcd397c6f29a83a743f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
7KB

MD5
060e5d8076b69bb4123deff4481e600e

SHA1
257e489efcc4becd931043c51e98f775f8fceca2

SHA256
67166bb699cc643c77cdc9019ee4d6e6ddfa5bd3c58fbed9ed0d8965f00d1981

SHA512
265e2197b069dbc30ce07826ce0c81bd1c0cca4d4297d6f8d852fe86ade84331b7e3e4d8d7d750d2b49198f4b3e15dbc2229a70926a56f48becfad291b088929

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
225137e805cccf34c03d1c7007705e88

SHA1
25a10025fd5aa4f8ea6156b8df595f7e7f0346bd

SHA256
99eaeae4787e9c1897e6d991b28d11dc732ab6c3a4572b31cc02bd018d840aa9

SHA512
fb3d7d4d8c891698702a9c354538dabbb15641f4fb09684c9752488ff33699e40214a8a6e2c4f7687dcf33fe255aa248ab61e93cb1800499a350134db9a377fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
358520d8402b186e69ce2aeb6212e543

SHA1
915fc2d8ee1f8015a19f37267f8e22124ee22b33

SHA256
79af017e201bcc64b0ba887175857c90347ff39f08b091f3e75bce4b92e8c1e0

SHA512
1d9f19e7d0a4f3ed0f017e8888fe2c714572efca188b5d0bfdc676e917dfc7c0d0025471ea4784f31399dc1108c030e8e0682ef3f484024f7a2b548c6386b418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
d7a33d04e6795807c12225f51bc41124

SHA1
ed10aad897cf1450b0656c65a39022ef7ccbd365

SHA256
7b96478612f79650399979ed2673a4cac5ea8af1ab548a4b458c27c35cdbcc88

SHA512
498faa9092c6792b048aab3faf7cd0619ac6b4aeaaffb7d2bfe5bc18f083b761744c1e0eb557e78ab0ef736fd61d6aee356ab7b3f3ad7ca510d9fa1b865adf02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
49e375e3b7392afccbb64554135d8187

SHA1
1ec2adb72bc29282b6423a630029c6df60652cc5

SHA256
1fe38f7e876d03e8e3438a87e5dad09c53ecf891596cb24d22fe1334282596d0

SHA512
4e8fd29b6296452da48bec0647f3ac38afef95ab1c06b0f1104955742f31068c635646042eef1cce8bc3fd3c70be9c11dcb38e0156b0a3120836acb2f49c828c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58c714.TMP

Filesize
3KB

MD5
0aa5201bc0cfef309883b4762b6591b8

SHA1
82be9180425dc6956b6ca9edfd3730060f4650f0

SHA256
96e7446568537d4f893e11d1f18e05197573ef05484bbf20e72835e75c0423e7

SHA512
9adee741fe8675ddcf50176c38ecd00942a2f3823d7b0099f5ac86459d11ea150db28a57639e386a12d69b765fa081ac82d7d741b3adf2d26a79bae7c61f1c96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
7e2870560e181073c2c551797e0dc818

SHA1
22f1f097e3f6f39aad05c2ed58b4c38d5816860a

SHA256
7459240b55dacec39f091fc4605058f869fc3e7cd52b6ba0cddde295c5e9c72c

SHA512
8fb11a237bae0b3f1cb3b3b0afc8f36446c8838b55086f582adfd48bed4a7e0b165f7cc60dbf57eb4c99e1177e7fb45d470d5be8eeccd55e5d1ba3bd00177a57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
29b0c04a6f82c42ee4e082ea04c1f432

SHA1
45009b527236ff8c727f4ed24976708d320edbed

SHA256
1ad4402a2c2c2d4588c4fb796d2f9b1e864bd5930ab99ec45686cdbbe37cea6b

SHA512
38c2d40d467c45cbdcdbaffbbfc3ae627e03c1fe2b6b69ee2badf52a3779d0aa6acbe79b17fa65cde77ee246fe7c12f8e144d4881a83d19750198a7b500d1aab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
02dbdfaec2d98b3d4b0953ce1b96b6c7

SHA1
fa9c2579915aa9c78837b202624c2ea29f685601

SHA256
7bf87b5b33b19cd45e8baac44892bddca75962fa1035813996cf7b092057f9e2

SHA512
c502c9d8a5505d13c0815a9ebd3e5b1ee3379e8ff943ea3951956b68d97db1ad5a708d50a6981fb644ea4073fd5cc3fbb533bfcb228ae26f24a39532c8813e4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
335bf6f9dadf4f1f24795b5ac15280e5

SHA1
991aed1391d0bb77f218214ba6f8a9e918fce71b

SHA256
40329256c37c9083a46c7a0b00772ce26d515b0fda7b6629177f04bf7a93032a

SHA512
a679ff59f4993951e0a2b7845febb88b70bff9802401d0bea4d2fc6b5a0e1b4e58fe55dbed0a6987ca0ef9e43c59f79b12b2dbcde52cc96f9e1d4947a43997fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
c6af9a67493d3025d3e7e381c3af2dd2

SHA1
8852e5dfa87841314e25bdd702d010c5e95c0bbb

SHA256
1d76b15265bd3ac35f2140858c8cd97af172af461897259ce2e2c698975e9962

SHA512
3c69515cbbd34f4ed7b7aa347b1fa277f8e105bdcb00697305098ebadf5fd955f2e27eeffa0de3de2d74bfbb3fd43d720b6769c5fe9e85954b53f39a6d926210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
ff0277cf2c65a8327ddec2c83bdf626b

SHA1
10702e377378c393598ea8ce8d016ac4a5dcf80d

SHA256
6897872982bdbad19281674259489b07e19fa2a168c64d542b5be97f229f60a5

SHA512
a4214bb3eb5fa005fa55994cdd9e53c10e775283f93ce609ef6dbd46bcef714e728d1c59acbffb7d89436961be388e1fb7b8a78d854f56a269429f0c70285f83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
bf3304d5f70e7006b1f28ea10de2f9bc

SHA1
49b7dd33ff439b1f0065795289e08e3eccf4effd

SHA256
887c4acecc8d0e6375d76551a678f73f9820a569689aa16f8bb59276b78fdd57

SHA512
9e217f76fe16c25a73746c216c4776ee17771084a6b2a83582a9840b02b4b7ec5bb91ab9435965e480576d484b94630ba09d64d16f46c54cb185038690cda085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
3845d128fe81f56ee837f325552cace3

SHA1
53643e06a86c780f616396d421281c9e7ea62fcd

SHA256
21758e644831bea4e0d231a52b226636c836ea1e3d02bb6e31f900617792432c

SHA512
15c736319d3015e8201c97f759e00bbc5b9945178356d759f062de136861aa5670fca6c905f86243f8efc70e1c0cfbe8d4c442e03454c3f5f84fe4399f81c488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
b4188a1e478ae732dbccd9292ec80d27

SHA1
8d6cd9c77fb54da320c1fecaed7338d140b55c13

SHA256
16756e4f650ca5b0f084c832eac3ddc0ad56be0417b3b7fdeeb450ff0a6e8854

SHA512
a9a146734e1263785277de3893a001f09afac3c0fb8df9bdd4dc6eb23b65b6556cab08dcd2d5a65f35e5ced890598fb49bb85b0b765d65dc44aac3ae4d82d06b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
dbc38d488609f04ef8305e87e9a6dfdb

SHA1
88a59d0200bc45b12faa8b955c9de858ee656ed8

SHA256
a6b505d797d669468946e955afa01319b3d06d3a7d63e89f85cf1e95a3488281

SHA512
bc6f653e177f78f0d01cb32daaf7ad70fbbb41b919d90a67f54a66a362e62c58a9b7b4c2ff16dd8248fcd1fea193676547aa130168bed54a3bf66de323965ae2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
10c82239bacfc51479514b2bb685133c

SHA1
d6824357acbb45c1cf8832361b88710e98fcbcc0

SHA256
43ae2f9bd0182b7f4a26d898d981bc1dbaa510f0de18960371b1530ec0ff18c3

SHA512
a879687dec6a61611eadc37c07f2296da497301ab25f8197d0344406c676966ac8114a84e6df6d9673b45cff7ba12d30129070282e1920a1d8784a9640168a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
c0b90b250c5d45c91b1d3789f8555e9e

SHA1
d2cc257e634c449390f46151ed297419e3ad3942

SHA256
07215db9f06c422a50fbd868083af872e822185673ef3350ac85675ba8927171

SHA512
3ff2ca1984b28818adbae5e69ca61ddfd41532aa58ca354063f5ceb86d668a2ddd24301f2b76b2ad7baa025b533b3db4c60eba33599eb45659d17f4e6c4fbdb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
0548ec6f476b98ba9ad7a39499fd6a94

SHA1
815fa85bac2a3aa5613d767ac95dd997eeeb730b

SHA256
389bedd7cf4a12b29ab09361a892d42214326039f50d5d35aa02bedb67de5fe5

SHA512
5659c1f72af7dce39255ef6fb79a55837c1b1ce85485ddcdc6d94856aba6ee8bb55fe58c2db99ec45456f91fa3bf7227c6ca592c7a0ca4f139b7598846bd01a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
1e17bf33d19391507c4285f110f03c2f

SHA1
2e310da3de1aecb3d1469a6d1af369630349209c

SHA256
7ce10339ab21f5d19e8ac79e44fdfd96f5a7d686eba8ca882d1184f201029fa6

SHA512
38a768bb20a981b5857f10fb80069843fc9f321aa0bc1d8a4f1761a1c03d6b00a885382c88654ba3d9b88ea4b2b96f741f617cfc30df269f792b5f8506b958d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
31a29ef32cf83ab2c31ddd88fc8f4073

SHA1
85084c451ab0f38e17a5c3477405bc5f01b26c7f

SHA256
c64301ede6fac3a50b0c669946015697f01c49e97942c19d7a691d2b81d54e3d

SHA512
0edbb0b748156e94584f13008bb06ba0f79cdc80df6ffb3bec62a67ac6480d401daba9c50eafcbdb1705e26632ae9d0ff2d1fb7de3f45d13af9efc9ac42a5663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
b666911bd11c003b342236f647ee9160

SHA1
30b359e1cb9118b92da47166574abf18501f7a07

SHA256
3350ba32ac6ecf7eb3e4b80e4b956020def7244ff1219532d336edc7ba86b19d

SHA512
c3c6a9e6f6d83ff4cb31888745d315a983ab7fce39be782f21fbcfd79f8528bce421165388bed657b5b94f0e0d609c61ce6685d93d642a97891fd2e10d829a69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
6f5c1f1b9cbceaea4e734921bb3aa9ef

SHA1
91b1860de0e7ce89975a671a2a3ba8f24f40d351

SHA256
99ee50e0d4bc424c009bdb0637122926cd1265b419302c8d76e9e1e4b35f555b

SHA512
34252df90f6bd1a65285f10ebb8d67ddf547b82fdee952ac3ff9f4ee2a9e3e5d908b391bc88e915bdd161c3ba838f0a87082399aa4104dd55a716c9b3143e496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\9db23011-5021-49d7-96fc-d0ad57b8cbeb\index-dir\the-real-index

Filesize
2KB

MD5
964d383dab487da6093b0f4be264a450

SHA1
0a1491556b588e2cbc5bd176752a2b3be7fa8c66

SHA256
39507561b0b9d2dc78d918a7d369da180def4a6f8034cbbbd2085ad4c9a86c9e

SHA512
59d6cd0e0ec5365334c0f123aecdd1e86c0b1b6deb442ca1a6fb9d50f58756c7ff35fdf64355908f746b286d0233d41dd094e46c71906c6025c86701df0fcca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\9db23011-5021-49d7-96fc-d0ad57b8cbeb\index-dir\the-real-index~RFe5c0f69.TMP

Filesize
2KB

MD5
1f38dc98bb497884b11a84d636b68f5c

SHA1
c95b3a6f91a789b7067b0b5951b5cdde26cca1d5

SHA256
bde219eec1640d1ebd34fd04adcc1f895a52a2c2f2fd2ed1a805224f50d4068f

SHA512
c92188c404f848bd3e0058fb2a08e44a22e1dda3bd9a975bdeb0b0d3926486b69c05de8f582556a8d8653e89a23cecbee331ad337702e3255bcdcc4ddd7dee39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
2c4abca0660130b3575b64983f58df8c

SHA1
f1b04ab6563247464a79e1432fdcc11ac06dd8d2

SHA256
c3b31f286f8b1540ff3107c0ffceeb92ca494a3bbdcbbe7026af887a79faf744

SHA512
77d30e558b7d29830a25678dc82f5abda7fc28bee3da57f5c778facd522a548628df6df9249b0ff07822acce571b9ffc0b1b247bdf977c2c603b2177a14c4ae1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
1dd17e3b70d103430e3fd2dfde94c739

SHA1
3a6991429aab554b8b5b2f712f45f6291e79f1df

SHA256
6ea68eb48f11d90f9aadb00ba1518c16c3dae96d34b7c7b9a84ebf211c32dc5e

SHA512
6dd80fd676fe9c66d08ee5d3404904a6f607f25ce64b56da422bc22dede05d0d55f188bec8dac0500740515ec5d6912cbd1b0bf35e528b3571158b9156634db3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
edd6cf65d4c5b2819d73379a31288054

SHA1
268b9b4b06f939a1ac7fa2c8fda64c33bb56a8d5

SHA256
cd734d760bc50a8b57af85379ecd4251b699e9e3c248d4a2461048a482928889

SHA512
c903ca04735407948db804e8408146fd94c5e521e99773b60c9e64ddc16a0b9364b26a4d1128eef6ca8fc398bb406d976c1740d989f061df0e5d764d96e0e3da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
a3157678b40bdcc518b0aeb9e05a744a

SHA1
7b3a06022d6df20eeacac8c746a3c877d2ae1999

SHA256
de89917f1c659742aeba70398e7c9aab9896868df3b186345af58f32dbba4a4b

SHA512
9b738cbb9614f4fda0855a506ae6caa27817c262e85fbf601f983bcfcc155ffcdc66e6396acdb9189a78e709cae4fc652f77bf21c4751cfe43c6292069e34c85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
4586463cd8657530858c17594617d992

SHA1
7b5371dec6a1c61a41b33875ec842d6dfb4a63b8

SHA256
695f039f944136b8efce2dbda4397364e0b2e389933a3d223e98799fe8e2a5ba

SHA512
6be2b8753dce1c0fd1efb9e655fe01726cb8900a0cf08e1e16622276377c9d13ac5484bfd47ea718c7ba8f21faceb8adb2d4994cce20dac24ff07444c6c84eb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
ffbb04cca0e610753cdee2d7481cfa49

SHA1
ac0a5a47ab5cf8abe721f9b802021118c3bfeb02

SHA256
9649186250162c8bce9dc7228eb57bab1278828b69c60d3285c624b77823b9c7

SHA512
c0b2d2fc700cf3e88d07d8a4a5574031276b03a5666796144184692e609d51e83cd784f3e4b4459ddbfc9f0bc606dbd2f634622b48856b9137b3bed143a18441

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
1c254e3ef8e2bef73a111e6817f5c318

SHA1
9fc66a7e0aa901577ea5b34f7fd7ec3a56bdd667

SHA256
dd7112f89b85708a8d8fdcb77ceed9e48517c4233d932ce71e8f27b9fa07a92b

SHA512
677f8ee52143bede67debb47f0f6dc299f7f104e63a3e387d7df948d321a1170c717a9f3cf21e230736cab859c1df4ba20c29a07b3ffc1e346c2ae38da8cdc54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
e90f5550e279c80978148dc5714fd002

SHA1
46c7eaff69e1f1258caf7f59813d1c050e2451d6

SHA256
4a3661b9d8c96d68abef3c8abef5bf2ab2fcf5adee1453459725cc372e44b7c0

SHA512
e63cac66af3d6c8ec19f6662f28aba485ccd7e0440789df771d0ae0acff33b54795192e3aaa9fd7c96b9e50c9f4c7a67286742a1a5fa68b4e89d4401b51f31bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
7a24a61df790e2a1f7a23fd9349b627b

SHA1
668cd675ff5b9e05bfe96752df20de1513fec948

SHA256
adf9500c26c45129993f185b61a1cd5684985c4bfde9c101063f93b4a4b19521

SHA512
fc4dc2e59099462d33cfc564e7914f05feffdd2508e6fcbb9588413217b6fd44f97ba641a806257ade376ca21161ad0e627966b597cfcb23519525a3a799a5c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
5e5a28cb71f2a76d8962ab691c59e824

SHA1
41d616d2a1440fc89db0933c8b2d08d360609b71

SHA256
2de83e0438d4bf937a0acaddda7e34a2181870b36af7d3d1d7ee098d6cf9c067

SHA512
9da84c5a7073ab64c6eac47827814d356a82cda202aff46c52ce4d7d83ea3718cc35782440118771d94601a9670ac91075f40242eaa2db16549a71ff12fe0418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
d1636c5977c7a7dfa098225a8193a0c0

SHA1
78f4e5b74cffcf7032597b06a68b7000b52ac63a

SHA256
ccb863b9eb618e9b0659ccb5996b9d450c64aa1623105ae10adebbf00c7ecb1a

SHA512
2601a34a0f6b9a9efe2d4f10cb5f750c4630293d93e9f9d57cec29988968cca7ddacea126c7ccee21e08487afde5b6ab42be64633bb2de0e978e6730aaf6995c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
41c988165368295d399bb134503b1119

SHA1
2dbd27dcfbd6171d94133ca599cd2e7cd320a78f

SHA256
93c75521f431d739ecd6df541a9f2c1a7377f15631379167c98368b8dc804c7f

SHA512
ef6ad1e46bfed117c434f9db9ea43510612049998ee0ef96c6eb1b380f1d4291b386578b3edda2cd9a1167185ff27bddcb81f3267819643cfca0f16de1097f47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
71ce8fcb785e3aeb1ad5d3f9bc8eee7d

SHA1
7fe62ca516fc8fcda6dab637728ff6aaf9f58c3a

SHA256
1f18c3a661bf97fb69ea4ac6180348ea2dc5bcdb5c700b2ff4067f30c360941c

SHA512
564f31d0c6534ae77415f6d2da270c3f59430b4988b232857dd4367b515083242025faf84a61d16dfbc6ae4a01c45f8d98711b945d1f0c40dd260f81b2f5cc64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
13acdb5b7659f9c468f55252cb304872

SHA1
7e0cc46550fd921b453e2aa5c4799d6e0ef49e00

SHA256
81b4f90c0c1a442c16ce13b9553c5124ce784f300ca3dbd216dc2fcf3bcdecce

SHA512
6430c834c7a8cf2fa52161f9a57cae4af0290be7d51e7a9e1306a1a60122b997c901c8d9e4e0f8fd71098434f7c39a45012206553ca17fbefcd4bf3e94abe55f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
f6d852928f6b4dd11c4e869a362b54fa

SHA1
d094b8e1f6ef3e9ed31c1b1f47e678b46ae1a0a8

SHA256
8b130d79dd523fa2ac6645674858b907574ce5c11144162bde3af6ca84febcfb

SHA512
78159904bfe1a92947505182edd8e5890862048d5c3c741ca20fcf45cd16d8e358420c556d2cfa3454ddc7f03e071da2c6f8479b64633c5772662292ab77c176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
2d67f2db635aee016b2e7abbafeee2f6

SHA1
34c8a40e68ccd19540184963c7e67a42cd0c2ac0

SHA256
3cb64b699e93859b3f3d706ea02676efaec4a88420c85cc5a86b638fc6a8da0f

SHA512
cd6b3ae40775a3ec210df991623c7aaa18340048af3087130f3d7f6f8606269e2e4af305692f08c342675e9f85bff91b79d17295eeaaa52ddb951c824795fd9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
3a9a6c0e08218fc2b7440cd43415c4f6

SHA1
da2b41e392d564f6be0e27534eed0f6dc569844a

SHA256
a72f4d1a20fa6e92f28de4ab7d187219e9ff588557c13548caceaf827472b2bf

SHA512
1612de9a0d46983ae60eb1f96c048cd19dc29fd9c7cfe78751d0228b98f8edd53864d84c62e672dbfb4a661f6c83d2d62568f948aec3df717511af7f27a02744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
1e35efc13abb45fabe26af34f9c53dce

SHA1
58281e906ba8ff7be9a026e67d3547e72198cceb

SHA256
7b0cf461c1023d5d888417e8cda49a38a1d634d575a8c708c165d8522cf906bf

SHA512
b5fff16b66a887a139587e74aca1b95d584e3fd9d85adf42b6aaf6062453ec635f38fead7eea9ede4ee449266d3c09e26f47014c59953eef84a521be9cb2da26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
8ad79d83a800b7f2e865cd261fda3f9d

SHA1
fedef650ef16d0fec8c7bb0984dfcbe1520283c5

SHA256
deb7ddf7de48e2cfb14cb576c2df78ed151a2c59a6f6ba086663c0055a975928

SHA512
7c730a254f176add4a94bfe35cda5dda17098125183e04144bbe8d426cd453fca8bb23fa041f8c693f80f7db6b47f468bf9399235604fab71a36907902e14540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
351e47b660b36aa1e7422d6e6916e370

SHA1
0122e4e37fa298162fbf32c04784cee966aacac9

SHA256
4c781bf1cefe0c3d4d7b003aefed338f037817d2a49255a56f271a9fde6da228

SHA512
d1a867f4ea71a36eeb40a4d476fcaa32fedd3a3a89f0d695a617639760cd7607f9fb7f7f5d85480e4a532cb863aa35c70990d677ed2e761b363dc1dfdd1f12d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe57cbcc.TMP

Filesize
392B

MD5
0af6182c1d2cc2483bd38582b1ef4c79

SHA1
b20a54593b281f1995fafd61e1a767752edee573

SHA256
aec9f7f5a5fb18e7d8ff05726ba227c2ecd794d6682062a34e35b06b271b0a13

SHA512
345c8e22e5a7fc9f28426c512fa8da79045abf7a1c768e2168eb0b77108bec709d1121831e8254667009812e202780a060713f1cf34815409cd5a25e3845db76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
526ea64f36075b9404474589347b8238

SHA1
460d4fe7ff08770e257666e57d3b349bbb3577be

SHA256
9c87b5934dc555f712bd6289bf22ada5c187e213e3509e0b1e6d71efaea5bdcc

SHA512
459066084864c274dccba78f267d9a2a7628b8b57a0c5ae816b47dacd5aba1c4bd1dac65606033e99636ba6c68073a195edfc3a815ac295846794b6b75d52baf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
8KB

MD5
0d7819e31bcc8c05adc437dfacb77114

SHA1
9e82139c2926880802dca3ff302e9fae398a930b

SHA256
5546b42f69870a9bf284e6154af9bae90241a3bb1887e295227f2a4a885b9ada

SHA512
271767bbc7957238a99f643b3b95f5028a3246486fd32f4df2897668973507ee7578f43280d56708ca1216237d53eae7ab5a20cf72a593478b4ed9414ba64f96

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
df4d3995a750e115898343af496a6a42

SHA1
6990361f1e13952a25f601afbab37f6ae9f1ccbf

SHA256
4e5bf767bb9cf04cd2fda1af6559fe6e5c5a1891b0eecca0f3e595df8191e415

SHA512
e4182dd8c9db11a5ab40559ec99942eb0ab7775db748a651291b6dd6ad514b43962c13ff732df5ac52c14132ba14b6b28b0f8f31d5a5500b6bc8e38074a35b30

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
657437a256af6474421b86548771ec58

SHA1
428d246fd3b044a9d4226baf8cff5ba9deab1091

SHA256
bf528bbe036f6218ac6c652b128dfceb6032083f11bcd9f5327fac2779686b78

SHA512
a2da35c4945211ce034d3bddb8dbe199918c3b64a9d99dc66e6f0fe40364fff736354413ec71733a0e8cf2052276862d1abb3014a6dcf3694327707b8f4667f5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
d0d5efd922eba4ded533dead36597780

SHA1
c80284034d77069e8b8216c417fa26346bd8d1f1

SHA256
3ece366dab2db37d65dff416a28c06442a2d3c0c9a7bc368bff01ea4d16657bd

SHA512
942b1d4537f4d413bd98527918a588664c325d48c88e3987643d1335c0ab704e59ec8cca53b3c28f23a037e8b3cfdaf62a2675d16b5f3132ee49b0e28091130b

Download Submit
C:\Users\Admin\Downloads\Free Minecraft Premium Account 2013.exe.crdownload

Filesize
61KB

MD5
12adc04de7c1818414ab2159b2c16460

SHA1
27010cff11010be891cc8f875e431e119b49b4d4

SHA256
e5b0f70969d9ba48b4cbe8f7c095e3f82d175280017213c263cc5a25763515f0

SHA512
1340af7960bdf1806fcb85982cf0743747ae8821d0067c1ddbe775fa4dea7ef11ab5814b9d972dab478cfb97c4e45c55af0114306b0b4db73959ab56eee6771a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1172_521604090\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
memory/1276-1503-0x0000000005270000-0x0000000005302000-memory.dmp

Filesize
584KB

Download
memory/1276-1502-0x0000000005780000-0x0000000005D26000-memory.dmp

Filesize
5.6MB

Download
memory/1276-1504-0x00000000051D0000-0x00000000051DA000-memory.dmp

Filesize
40KB

Download
memory/1276-1501-0x0000000005090000-0x000000000512C000-memory.dmp

Filesize
624KB

Download
memory/1276-1500-0x0000000000720000-0x0000000000736000-memory.dmp

Filesize
88KB

Download
memory/1276-1505-0x0000000005310000-0x0000000005366000-memory.dmp

Filesize
344KB

Download