hxxps://www[.]freshwomen[.]net

Analysis

max time kernel
1687s
max time network
1699s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
15/11/2023, 15:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.freshwomen.net

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-984744499-3605095035-265325720-1000\{2CDB8A55-753F-443B-9135-AE1CF55C2894}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
3600	msedge.exe
3600	msedge.exe
3732	identity_helper.exe
3732	identity_helper.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
2564	msedge.exe
2564	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3740	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3740	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 4880	5000	msedge.exe	86
PID 5000 wrote to memory of 4880	5000	msedge.exe	86
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 1152	5000	msedge.exe	88
PID 5000 wrote to memory of 3600	5000	msedge.exe	87
PID 5000 wrote to memory of 3600	5000	msedge.exe	87
PID 5000 wrote to memory of 1388	5000	msedge.exe	89
PID 5000 wrote to memory of 1388	5000	msedge.exe	89
PID 5000 wrote to memory of 1388	5000	msedge.exe	89
PID 5000 wrote to memory of 1388	5000	msedge.exe	89
PID 5000 wrote to memory of 1388	5000	msedge.exe	89
PID 5000 wrote to memory of 1388	5000	msedge.exe	89
PID 5000 wrote to memory of 1388	5000	msedge.exe	89
PID 5000 wrote to memory of 1388	5000	msedge.exe	89
PID 5000 wrote to memory of 1388	5000	msedge.exe	89
PID 5000 wrote to memory of 1388	5000	msedge.exe	89
PID 5000 wrote to memory of 1388	5000	msedge.exe	89
PID 5000 wrote to memory of 1388	5000	msedge.exe	89
PID 5000 wrote to memory of 1388	5000	msedge.exe	89
PID 5000 wrote to memory of 1388	5000	msedge.exe	89
PID 5000 wrote to memory of 1388	5000	msedge.exe	89
PID 5000 wrote to memory of 1388	5000	msedge.exe	89
PID 5000 wrote to memory of 1388	5000	msedge.exe	89
PID 5000 wrote to memory of 1388	5000	msedge.exe	89
PID 5000 wrote to memory of 1388	5000	msedge.exe	89
PID 5000 wrote to memory of 1388	5000	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.freshwomen.net
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ff86ae446f8,0x7ff86ae44708,0x7ff86ae44718
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3416 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6008 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6024 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6340 /prefetch:8
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2416 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6804 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3844072227570257691,11075264418945806291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8032 /prefetch:1
  2⤵
  PID:5776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3120

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x518 0x30c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
84df16093540d8d88a327b849dd35f8c

SHA1
c6207d32a8e44863142213697984de5e238ce644

SHA256
220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c

SHA512
3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
1024KB

MD5
d36cabde5f36770e9ee9df3aef9226eb

SHA1
75d34c6cc5cd384d84d392838b034d0514ec9a10

SHA256
6c26eb7011511119771b41f71307060c87a570dd99f10701127aecc2b8678f7b

SHA512
5f9c5b38b55e6905192c42cbd202c11f16d457375c0aa968d74c4c6c959677b3662b06ec673df2325ae0ad307b14b7dd3e2fb0307b97dd92b0cc4d941377cea1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
23KB

MD5
aab4d8d3cddf43c88512bec7b5452bc2

SHA1
635c29756c2002a98707b6c4fac49a27c1859c5d

SHA256
af973f2a6f922619bfba6cbfdc70a9ba7f9e0695957864d6326832f462e47eda

SHA512
3cb709d1f8d5a8bb5cf22e03a6466c74749e8badf6db2b9ce6d58bc4265af398851383ee915ae8eea547dc425b056aacf20e32e1a58e53848184134152009d91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
45KB

MD5
32240ff82dfec3cf9bd6ae98045183f8

SHA1
5e65dae96331f96a818818069987ee969a74889c

SHA256
32687785f1aff35133faed3499a0cb807cc739751837e084fc40a0927c31c2bf

SHA512
fa2839fd6e9dfb1fcf83dc2ceb7852f93253066e5593c18eb54c055a3a81ec747a789eedde434f9b99bce53a84eb6ae60a1ec9c960c63a97a8419cdde42279e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
316KB

MD5
3e7fb20570e4b92971b04ab9b2e4ba04

SHA1
8729d6ec0a43354f33d38aa047cc0d3a17520953

SHA256
a4edff38abd9b3477054444dd8759d35a1db507bbe69773411227fcca5e3713e

SHA512
e3c63c30c8c41739f4384e9a4feac0a03bd26ec73805f3f19527db50d0a0de480ead588142b9364b5d2946ec4f6566c3cf94c6ec3744d6d143943c601bc06e7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
49KB

MD5
dfa5711022e3190b024a53536fa216cc

SHA1
ff1a356007b4ba6ed87702ab4678125eb826bf21

SHA256
377ee7b62f1165206f00f53ea346c9046138c648349dd47f97ecc5f23b41aa9e

SHA512
f85df6082ef406199f7ae08c9d5e8c43f95f14b329986ce6ecebbd920d42b7780e6b77f371e38a514a91f29db4431a7e29f5ab9a02ae6a52a86d05fa99319328

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
1.1MB

MD5
a5c72042b5b31407a64f758d9f8bddb3

SHA1
9646f9a3043af50e3fdcd260da15d21a2242f071

SHA256
76c21df40174033ab847599fc82ed421d5f3d8107ade66e6f4f40dafb21ef862

SHA512
3a738cfd6a34c5d6bca6bb72dde87125b2ff3daec1af9f421d7a996f51e23b212b6db320a00a2a9552245d551b6e8f56b7661e62378327ded0cba700cb77dd74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
77KB

MD5
c175611ec5ad4d248c4608c49f78612a

SHA1
bdedf10d2afffa201755f4f306e39c4d30f1e6f5

SHA256
0158600f2d845643c5161fa03c0d0bf7b2a9e676c8520f9d1dbf446b07f8f5fe

SHA512
547d7514d0c189e6efaf5ba0a697523a81a94427b2dd734033c322eede99417125eb43a69e3151c713131b37bf7b48c094c75126b3c6026776646b6ae124ff62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
84KB

MD5
765d2fc2512834331cee8c320ff7429a

SHA1
6bda1959b046bd8435fd6f795c270998dfe8752e

SHA256
cdebcefe41159d0f2a94650a649917b9397c2491382bf10dab70f320a47c2340

SHA512
6dd522489d9d36163c5d3556b395d6b996ff3480f03fff6d23b076ef614a049aa3536e7ed160f80d2bf03583a21e8865ef4333b19632e080c329f8f45f64474e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
90KB

MD5
064658a1212ad400224ce4f3194ed415

SHA1
0b75464568c4d58f20ee8d44f94ed94ca15a659a

SHA256
d3991ae1c5a4b9c9924122f722ed7fadd05687fe47b6bd23972be8111d96fa55

SHA512
13880887e071e9abf8d628a4fd0ca63188489df8a3303f1b23b3707183cd3d7631f676e7fbaad7117e381cddfd8c6abc28cb3d54d5f7229338057401223d5038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
623KB

MD5
1017bf36460a163cd9d632e5e7b0532e

SHA1
64e900482c8310d0107eb4a0ac9efad8fad0da7a

SHA256
262689198f3ca49ee0d7f1ca6994fe715455b35c8dbaf93a1b8972fc7ec4238d

SHA512
fbff76351cde7a4534f33734a0f8fe6aba610835ef8151e9533a932fff27dc93e600dfb6c7d8049d7fe0bef68d27fbd33baaa23c7be0ee714b65b35568bf5789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
186KB

MD5
740a924b01c31c08ad37fe04d22af7c5

SHA1
34feb0face110afc3a7673e36d27eee2d4edbbff

SHA256
f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0

SHA512
da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
20KB

MD5
476f50cbc514dd2a147e8856d7d6a2eb

SHA1
811bb157da70e05f0385d5f594107c656bb31265

SHA256
1f856d6ec5032dcc293d2c8cda72f128fcd28820cdeeadc7aa9b16b434d23f99

SHA512
efddbc7415edcdc64bbb61a1953ebd66947d5ef9eb5f1a1295c5f4ab01c0c832c3d6fee731d94a7556b20c54fc9b0813965a8ec8c9d9b94d08d19be9d1b1f226

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000075

Filesize
1024KB

MD5
ed2ebb5649d741a676c210efa342877e

SHA1
8b70c48f346d53f5dbfcb320fdda2ad701bae2e6

SHA256
ea7c9709c20282fe44e36b64969ae5bbe59f0b2ece8cfdefd1b3500d91a3f760

SHA512
4717ae2a7fc5aff9fbc3ae61d88bd2756893f483d75ca91ff9aea3aa80859040c979315de2a8bebb5456cfde37847ea3f46ae0c4109302cea019fb74fa5da00f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000088

Filesize
40KB

MD5
a921e16c0f99076d5395b41e7a0597d2

SHA1
3300fa267b78207e915d7a56093aaf1f443836ea

SHA256
925362d4c507b394c1189e2eeb2cd92d2995089f829b341b25c2d5e6f2d7e705

SHA512
d75efac42cc14e88c3f917ecc35bd948f602bb7592d1d936b634dcdf66f4b32239b327c37fec396c68b478b0abd8555cc7808038556d9726177af4a56070990c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
713b4631ff9b3397c487e9155aed0530

SHA1
9cc12824d937998469e56df7b7a2c19511d7d2d8

SHA256
bbf88ddfd9e12029e9e66561a4db94842245939808bb6593655f385676cf7e7a

SHA512
6e353fc44b725e65915bb7b8cb3de91bca46ebd211402fb394d338032dde8d2c9a0e7967b27036d62d6189817c19d9dec04fa8cedf678bb2d265021645df4579

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b68c97b305f0bca8be7b2eddebbb3bf5

SHA1
239be495fff372b9daac38eec4d2c83e8f50a5b4

SHA256
d357fb781de49d3940034da7ff2619d729c88d6ac1e1203167620ff8927641ac

SHA512
dd229fc5237befab29c5b97d4949309d7c13b5192c138ce8ff463077f0852e344664d44d53adb94a5528af6ea4b4a089ee54eaf2835f65b887049320618d7707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f688c03c152f23346c3f49b754664798

SHA1
1e2a4e8e1ae9b09d4de90c208a9c1fec921090ad

SHA256
463f0e9358ea1412d29a0a44accb0cfc2de7139b8b8cf836f1efb8c54fa06e3f

SHA512
3314a355ce3faa25c6b0ec74a70f9a04d30e397f416e26d477442193a396d1e869fdd6ded3cc41dedd7f79ee6cae1e3d17c3cc362ac988b8d5f1b7a27fdda256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
12d54fdafcfb7a695ab428625a2f43af

SHA1
2ecfc34ed4e962f9511d0e052df2ccc09b813641

SHA256
c5af122ff37ca55f2d1257c32e24090a7b6b6544a56cb74f1a134eeea7b0bd59

SHA512
d75e0a849c6e1ef4b3aef54bc3d5253c50acbb0b4ca3447448b388ca11d66f9195eca94c191dfd592bfe317658d63f0d892efbeb82a17e2f1e61deb93e28215f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ee977bae53e2036cbb78ab4fba18289c

SHA1
e1c90521537fb6a0faeba2c251ee91b34bcdf9b2

SHA256
319a945ef8284a09e0c393e515c99d680c6c000463ec7887cb7635c3b195e293

SHA512
2d6fb249076fcf2e9aac4e9ab4a9af7380f04f8a882a387e1a74b0ffc25b5e838136e0e47df4e75f262675556e36d4f1a086ca1d28fc3905bde0256cce2f3944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.patreon.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
57cfd44bf35b8b8b35a47d232132e6f2

SHA1
69da0fb574f5879d8359c434305d36fba9f39f31

SHA256
8ddf008fec0e25e429ba45874eb9a2948f38d99a846ff4ec2b05468f6dcc56ee

SHA512
2fecdac705e19a8e31a95d31a20d9bfe04a9fd7d763eaab57e13ade0c7f73ea8d3efe41330622117029e0907062f157281e39820f00f4c6a51568a940b9544a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ee1240fbc57a1db5983f1496fc5be79b

SHA1
8467ebebe0e5dcc1d4975106a0762db00417cc1b

SHA256
34ab852223b8fb2e5cf5a59d3a9a19e1dfcefe7ad6753aa22f2b22db30d8be31

SHA512
d601407baaac16caddfc86834870b1b4f2a5107a781213490f695112e3a2ce1082db86dce9a27916ec1b4ad07f0ace842889a4711b454923304403ac29591c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
39dc3ae077a0611c72deb2de0e20cd26

SHA1
9951dacde860b5754f54b0188671fd051afe27d7

SHA256
979f5d20b80cad76d37321dec2a15547ab7ac3b2def0bc0ba1347e71467d21bd

SHA512
3caf670d8ad8c8833b1dbebf0167f44243e59ef4226011e6239313fe4c84d781045284c6f6a9fc0b6c51dda2f2a97194ebbdf1863d94ca7b2feb6c6621458c3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
1f2e1a273201a3603daacbff93de3972

SHA1
f2361c0112944dbd41a8933f11a9e2e20cd53a46

SHA256
b3f37488e9e3c6c1472ea608ecf09adbedddb0ed0f4b1d7f88ff76a32c1c40cc

SHA512
b78df2467ac5e890c87dd30584079bff245f1953eab2c2848f9a4aef4b4ec57efceafa220e7482f5bb3fdbcbd2b89d327f95fbe1077c7bb8f88711bc600f232e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
dd0c36aee4067e3aa028f14114598d07

SHA1
8a7da7bcd90671c5a7cbbc0317715b77c96b95fe

SHA256
2f7de622adc80d29e83d73c51750c97007f5f0c318e689bb5b7b2875a90b7205

SHA512
2adbff952e00697e763dbae00b80a76e3f234f86d25ca7656d97139e235ba309d09a994c9d5c01019c53e4548b69696b9a74f2c6ea2069e6da2ca95ef9c956a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c296ba8a0d76c968589eb5ce4a214531

SHA1
9ea77bfa26eddbed27a36a1b5a99f82f0882615d

SHA256
c92e33924a8239c534831e5ba8d5364eb3c6dfd04760dd67f5d25d65ff963f66

SHA512
5badd6aecb5c4d4c00aa99b26757cb47dfdfa9a875a158cd75448aa90c71b1c9ee1fa8d5b449f86043ef36a07d5c7fb2ac8eeb64345b25b4967d49691c6858bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b4ebdbdb255c452004fb09622fd01286

SHA1
b0f01b6f3442e067e283421f246ccae45c6317d4

SHA256
08bf2f783817c476dfb68e3b02406ed57882d17488b4df07cf626faaae228929

SHA512
db2e918815521debf436dc6539460a71e2f70fa5eefdd8448264580a967407f74f1ea8ea053537e5129358865f866705c55f9935c31ac9424fefeb2e1727a487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
bae6746dfbc081a1679697d8de54b687

SHA1
f635d421dd92aae2f213a378779a69a48866ce5d

SHA256
3d782033f8e3b8d0e0cfeacee002f7d1305eb385c47197deab2b129fc3fded2b

SHA512
8b843c5bf6e7a756bda47e9f333efeb94d4d8937614239f18859e6ff9548cdfd9d880a872a7dfe0869178f073be4c98356e762efa7355a830ed6a392e3c5c4f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ae895d0beb0238b7882ab0866f0eae08

SHA1
bd646e9361cdb351b552300854db55ca6f019d7a

SHA256
b8da65571d2f2fb35dbfca5998f21b0271eda84f492fa74d2d8f7b60bab00451

SHA512
0724610d1529907cfe06adea6e4bf069635b5434c14e9123ab327fa662f065277a0d25e19d46fc7fc8c1483cfd6fa59f784b4641c3d47fe96848ae646c5001fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9588a7e95957cd313b6b4520a5d968cd

SHA1
0f1e55a5608056fb4d9fa7aacb3491c5e389c1b0

SHA256
6bbe8d94d63c04a8e9d30c45e0c20df551f809c2c59e873d828778a898586f33

SHA512
a34e752bcf9baf7155266dc053b8454950df902f6becf6c957d19f224ee38c4bb3c5a8c270077f699ba19a7e3e412148122c015537538502f74f91515dccc307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f0dee96fb1f1f195ac2e736d4e02f353

SHA1
da776f08ec694d8983e73a59994f5d706e522dbe

SHA256
865a600b72ad5ab740c8abdb554c273e01726e20240fa53dc2df5ee717d3f70f

SHA512
267702ef664031b330275174dc0ae416772189ce42354e99b44225b673bfda02f21bd35104afe96ea74e430aa23761ad504f67d45f34f619e27a55c8273f1765

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f8e8a3668a21246500fde2b8b479d644

SHA1
582725e336a00bbd37872e74f8f4fb32657a38f8

SHA256
9487af70ce4cf141bee81acb58b1ac3c4dd0bde87a9fe3238587e6210c9a225d

SHA512
566295c7d3f4da60a744c5dd8d6d288a6df12fe79c122e1e4827ef45e84b0d2ff90d9c383de2b081afa177f3250a659cd9ef4a3368579f76975fdb35e70e23da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
693d58a87da7b886c2a418c55d4b0d80

SHA1
c50f1c709a074dad2ccb7aad68ada9befb1f42bd

SHA256
c3df99c281a6eb63653e08cb575ee5ff848b4cc72c5ed6ea8f632de7a4286a99

SHA512
8e07b6f8b491aa82785fc8e63007af0143566e66dfab66de192e6972716fd2501b130938e3e515effed40f0c66e9093269a2c305f98cc90cafa5e8cc8daac909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
918ecd7940dcab6b9f4b8bdd4d3772b2

SHA1
7c0c6962a6cd37d91c2ebf3ad542b3876dc466e4

SHA256
3123072fba0ea8e8f960dd213659a0c96ce2b58683593b8ea84efac772b25175

SHA512
c96044501a0a6a65140bc7710a81d29dac35fc6a6fd18fbb4fa5d584e9dc79a059e51cbe063ca496d72558e459ffa6c2913f3893f0a3c0f8002bbca1d1b98ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bf82dca1bb587f60a3ff8b7251275bcc

SHA1
8f7104b80b33f369d0f56a583868f46c12557fcd

SHA256
e344d70629a36b1d49f7a9508f0bc104608b57d705e334cd1163b42b2cf66bca

SHA512
00a70a6f011dd7e7c806f7155bcd341206b60d5e48acf669a252a5fe187d0bc916282b8c7dd59923b874bd0509e2dd44cb33315e8d06e403e739b2aff2602696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7fbd6c4ca9578ef8754124cbd4439f4e

SHA1
9b4aca34174cc58d2d789b9bd6df1e368a4f5b7f

SHA256
3d081b9e2ecbfdf1bee7cffaa898b78955baa6512973bb31e46a83c7214ea2b3

SHA512
4a36ddf5ebf6d871857c3a37dbe7d79fbac1faa61263fef1358422adb8743d98b29900f17c6e26798fad7a81db756ad01470dbd039f7584e59d5e8cfbbcc0d99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
518eac43d6d5b5e6d2494c205fbdc8be

SHA1
2312fddc7d8426951957e95a21f5df907f71c82b

SHA256
ea6af8aea21a55281b70a31e889ef728141a53c0338fbb767599d56738731fbe

SHA512
e362c32f5647b3e66717dbddb87a5536450deb6e572f0c8e4d6848fa33601601a73a1dab0b18dfaea25cb72afdd32b9ca60c2e6fe71ffa97ef6be670401daf5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ff678d958f9aeb635bb4751ace5a2850

SHA1
c8f5475ff4c50b2d46c587bd5222995ac7db17d8

SHA256
61b779402f262ff2b3725203116ebe4c73cd98da7b79f8e1ece9d571a8f87aa3

SHA512
62528f61453a81fb6a9af859cbae502711c6f6ed9e0300750f250af78226bb7004fd291b68da9b58076f14cd927460d75c42e3da3e8848fe39c60e88ca7309a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f3dcf6a648c3dc9c5933b75c668bfddf

SHA1
2fa27263e5eec39b2b77bf65ef2a9c1a9bb216d3

SHA256
616b0666d83e9191544b9d85124391e259f388ac223f1f6f1dc34a786280004e

SHA512
8587991b761b35f1beefa45b4a31bec5ab55fcd941d899748086fca453dc7720a2192230faf195541fb6b9df02b85b1ff4f51165da326bc377d8f59c0ba660e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
beeec8db83cb1e46226d52c63c5a4122

SHA1
8856ddd3953cbc54ed390faff3b76dc0cfde0952

SHA256
6ecb31a4cd2edb4bbc0f855679724455dad73dd7c690498dd7f046663859af83

SHA512
7051259a86340bb7d5d577b10f25ba57c8478e0e8daa87dba953f261ef2b4089a82e872d6a76b8b5ffca3ca4d3936590ddc071b0074b8de3cb8c02285e0620bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e88562d301afce92dc403a30c6e1586d

SHA1
3fbb9ce0032ce20e3edd8c415d3abe1473977e9f

SHA256
829002f8a49f61704fb09eb5e1aea86f17db4783aeb75f7174079996cc27ae8b

SHA512
5b2d54d85752becf5ef1b4fceae46402f6e6e27c9d288b2427264de0eaf3800f7b3eb96c14c19d14a65eb427aa93de32ce24c9d3a9df6beea4bc1d28fa2507cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f3c6.TMP

Filesize
539B

MD5
3c48ea3e79a1cb617a2c3e2d33bb5fe0

SHA1
1713832aca196c364c909697280a1f4d49916b1f

SHA256
e698fa0f56d1ec7b0a4dbd34d0ebda999cac3c607020026c2fc3b9ba4a5c53a4

SHA512
b5f426649b8198d390f15afe9117cf87aacbc8e0ec33df125048fbb5769523c047db3357f3097765cfb73d751e44ca1e61f3b27980314de6ecf194916bb8ba22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a8a37a71-545e-490d-aaef-27b10d8fb9e1.tmp

Filesize
539B

MD5
97e646a37c98eec445a7e46d3ff56a3d

SHA1
5eb96b7b16743810c9efd61e9e016927cd176825

SHA256
8cd1b6d4ab75f0e7e910f0035fe33c9e0d9ae53908b89f293c17d61922809e92

SHA512
3596bd8e47433894106ebdc6906c3dafdc774655691e94cd468b9d19f0cf8ecfd18e4b79bf768b12b091ea4af5e77b92ab1cd2655c825abdede9929adebb8f60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3acbed773142511634180b1a4bb71e45

SHA1
bf0da14527199f63cb682a40218a760d5072d109

SHA256
926aba3807e71a86864a207caac743c29b64c1333fbf3bb7954c6cb232e39d94

SHA512
ea795b9a22bd8e23b43946dfb26fd2d36617768f05184b7a9a0fb2ef8c5915e403e0084d1c4f4bbd576776c96a4318d200d391b4076c0145c81ec0776eca5f17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6b5ce4a8eda94243547daf4a28d0f4f8

SHA1
5a6f926120bd426572a41ce879fb407fb6be1acc

SHA256
c6e4a9424b2bd4e0694c0757e8ac5d2f6dc11e48e9779ca143bebbd4463a276b

SHA512
c07e51a79788decab259287f74602054d6fb523087efdbfb52dd294fe6091c6d1496a413a646eed436fd4c889489fa51fee9d44381fed5f126ef4c3978a6d7fb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
45d174ca10631a1a802fb61ed4beeb00

SHA1
8c85f093c2e92d70ec6ebb730b2d4c5958570481

SHA256
dad09fd402b264e263f981f064a51d64159be3745fd1998de625c7cd3bd9b001

SHA512
da26d1231f1cec0f993c0a1982f4d18d3831c925ffc9bce96e814163c264879bfc0e809e61267bf244214b7cfef1e5c07cfe9564b83bef490ae324c7ea017fff

Download Submit