hxxp://fortnite tracker

Analysis

max time kernel
1118s
max time network
1195s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
15/11/2023, 16:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://fortnite tracker

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3125601242-331447593-1512828465-1000\{603BAFCF-D911-49BE-9BBA-A6E9AABBF870}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4984	msedge.exe
4984	msedge.exe
3208	msedge.exe
3208	msedge.exe
5284	identity_helper.exe
5284	identity_helper.exe
5156	msedge.exe
5156	msedge.exe
5540	msedge.exe
5540	msedge.exe
5540	msedge.exe
5540	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 51 IoCs

pid	Process
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3208 wrote to memory of 220	3208	msedge.exe	90
PID 3208 wrote to memory of 220	3208	msedge.exe	90
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 3176	3208	msedge.exe	92
PID 3208 wrote to memory of 4984	3208	msedge.exe	91
PID 3208 wrote to memory of 4984	3208	msedge.exe	91
PID 3208 wrote to memory of 1256	3208	msedge.exe	93
PID 3208 wrote to memory of 1256	3208	msedge.exe	93
PID 3208 wrote to memory of 1256	3208	msedge.exe	93
PID 3208 wrote to memory of 1256	3208	msedge.exe	93
PID 3208 wrote to memory of 1256	3208	msedge.exe	93
PID 3208 wrote to memory of 1256	3208	msedge.exe	93
PID 3208 wrote to memory of 1256	3208	msedge.exe	93
PID 3208 wrote to memory of 1256	3208	msedge.exe	93
PID 3208 wrote to memory of 1256	3208	msedge.exe	93
PID 3208 wrote to memory of 1256	3208	msedge.exe	93
PID 3208 wrote to memory of 1256	3208	msedge.exe	93
PID 3208 wrote to memory of 1256	3208	msedge.exe	93
PID 3208 wrote to memory of 1256	3208	msedge.exe	93
PID 3208 wrote to memory of 1256	3208	msedge.exe	93
PID 3208 wrote to memory of 1256	3208	msedge.exe	93
PID 3208 wrote to memory of 1256	3208	msedge.exe	93
PID 3208 wrote to memory of 1256	3208	msedge.exe	93
PID 3208 wrote to memory of 1256	3208	msedge.exe	93
PID 3208 wrote to memory of 1256	3208	msedge.exe	93
PID 3208 wrote to memory of 1256	3208	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://fortnite tracker
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffd35a946f8,0x7ffd35a94708,0x7ffd35a94718
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3540 /prefetch:8
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2884 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7480 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7356 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7952 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7628 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8468 /prefetch:1
  2⤵
  PID:6560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8840 /prefetch:1
  2⤵
  PID:6456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:6508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:6468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:7100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1
  2⤵
  PID:6928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8928 /prefetch:1
  2⤵
  PID:6188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9116 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:6160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:6776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
  2⤵
  PID:7164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1296 /prefetch:1
  2⤵
  PID:6832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7316 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5392 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,754928175810229941,2178972404314735514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1
  2⤵
  PID:1948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5008

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x49c
1⤵
PID:5312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
64KB

MD5
813060bdfba7cf7cc574927c0069c44c

SHA1
17b94a5513d372205d12c3ac1da734e533490d11

SHA256
99fed27b895b1bb9f09421fd30dfc8db6e24620f749d9710e6291616a8da12cb

SHA512
76c72d4413b043ebd4e470aff601774ba29eea6eba6e14d645541f3ea5ca933d1ebf78b1947de2051f9200d4cee9f3ffc4b0f86fe8aa194a36736a07cf3f11cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

Filesize
23KB

MD5
8264fcdf246c9ca9090374bc0176ae0a

SHA1
dc475b3a77e9ce3ade20c655903f1cfb45895426

SHA256
20dcfaee51768464071aa8cd2b9a79fe0f334e04bb6d565cb2892b7c9e0bf3ee

SHA512
80fc913347aa57d463ca5f137956982102cf82b527e42841d590fcfebce9176fc3bf618b13075111250968e169bf3221d990f0c914e8418f708822335a0f6c83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e

Filesize
1024KB

MD5
c5ecf6289a17dd32581c279ea94cc7cb

SHA1
e733e120c0c7ba9e1bc57df0fbb72e79075ebb60

SHA256
a9979193bcb60ca64734ae8649e39d85bd0e745562aa8eb2287e04a2cc413a77

SHA512
a87b895b38140c86595c0c972714123e4331756c1678f9ce365495b53cfa73e86ce3d0cc2591bc104a215a5d827f2d518f6a248123f14b2bce2bef7381819272

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

Filesize
427KB

MD5
620ad07b2422856f15b56b179af02771

SHA1
6cfa270d62b460cd157c71a71e98a8d8ec01001f

SHA256
82c55d2c1c72dc4df3ee157075012ff84cfda82cdc89911710c5fb8c20977edb

SHA512
621d0f8c8001d19e8e4af2207451bd9a66000914b6e5b77907154acfbda5b845111c93470ee95d19ae38c45d6b52f16b84c9737a0090d62d95ce71586d584e92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\04f58cd5cc4dfb9c_0

Filesize
51KB

MD5
2e214d439180a933c4af4949039d875f

SHA1
56c2268c1e4bd7aeca88703e73af4b325c3f5c4b

SHA256
d3e44a495b0fabadb3d7a298d218e5f7bf05e764d9a0c059667726619aeabfc2

SHA512
002846796ed73042f1a96912adc97ea8efe5c4a3c091f76fd20c3d210949deb755ce6fec53749cbcf35c3324197bb141f1877263896ae653b36773cba529f744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\51a2da5cb0ca3b41_0

Filesize
149KB

MD5
fe8fded6976eef8fb6e76ba34c078fd8

SHA1
9342249f2680fbdd6b0ab60123acd7e8d6c911ff

SHA256
ccdad6ab212493dd807e5fba47c56d799fbde8cc488245aa3cad30b3f9fa7874

SHA512
06cf3c86d87a45f467ea7c519544f06baaeb22eeb71008c85722db7e3585f7dc97e5d27fc45e863fdf176e43ae60aabc0fdca02024bd7b69f5bbea190e2709be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f7860c56343ca378_0

Filesize
285B

MD5
9ae4b0d706d385fdf98c15afe75956d1

SHA1
03d14b931b56609178e94221d175368874be4b4d

SHA256
7f8454e35b170e146773b42b50cb4d6cd2cab8e0814bc30aef5d19555346bb31

SHA512
535f249d4ef845711588a9eeb72fbbd294c0f7cf43a2297d2114e70b4aa99343eccb319a2bef03abbab34f92a79fa6eb3c9af379da25719d1e050bf778b7944d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d0860484fe9947d45940311cc3b1ddb6

SHA1
01b6dd15705ab833786ab05987761c73b24920c3

SHA256
77e3c9d462b36c487fe4a6904477c90ba5a400533d56afddc073f04521d5b7ce

SHA512
71724bf60f6f55c8af6d0def4335d0790112a306224fa5f9c2d3efd0272dc6b088e91a464e0bd6342eee59f3ed0d6dd863e76ac68da9747e68f06b0fe63f5976

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
7ee57416fcd9a36bf3d40b29399f33c5

SHA1
d0a3e9f213bc48d7099f080f86affac68237d3cd

SHA256
9473d622fe7f8afb1ef59ec685f651df2c15bcec89606f17a2739e4a587da19d

SHA512
94a97bcee4606a832b8fd36b92ec165b1ccd54ca565aface6bb9cc90d0baf5dd8f33106616bedbbc0b72ccc2c74871d793401e61f7026708b5f7229c8dd52803

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
f75c2a0a531edba8b0be6e9e129ef57a

SHA1
f3606efbace0411a9f08b20a254fb74c341f32f1

SHA256
61311005eef083230a4edb48897bc8009ad54125bb32fae7eb8668f1766f3ade

SHA512
cdbc3e5109b1e420c5cc82c554068372d34f4b4d7ef2ae6f0d6f3d866287e5a134f14b0d7298820f8c73f85ab8132dca7cfa23da0160df91061a32150f8a1a16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
96ac33f5f9efc4220e8549d7def80cfb

SHA1
e3883b59bca6dd7dd086821bb49f393fe45c6f9f

SHA256
e14cec7672fbeab8ae79dcbe16b0e36db44de856b55c5fa1df4c36f65693c2ba

SHA512
d2930c622fa93234f86313d1c158e1d9e11bb8e4da0ce998d69f296010826360c1db1391e286907e2d203f89a5d922ec95740465c56208e1827781ad890506c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e44d93ff9e48a9df5a9750de7f3e3cd1

SHA1
56ed211df00dfa67b0d18af16f5d1a22ae9036f8

SHA256
80ea22cfd589a8f070f2c23824ef67c947bf4c5d040ab9c638c6cf3e7cf83b45

SHA512
30155ea8d83a76c3fbe16c7cf04eb834e509679d8939f4650d7bca4e26d0965fdcdafeebbef3fd62104da0e4f5f2cd72ecc0f7d7a3d251ab05bce5fd5d4d5ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b88cd759a38676d8fe7a097e6930196f

SHA1
e23e0be9c8d5149c40f03a84eb5ec0dac9043dd3

SHA256
3c0ab10d30a75675bae3fc09476438f762cfce284448cdbb0f0af8b3b9c70acb

SHA512
04450c1313b0988e264d2076dff3d0b744bfa862987be6910b74dca8755406f0422b0140aa5890709ff0d38df619d8669ec61bf9940288622d03d4d8019b510e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
6bc5f75d6575bd199722d9a757966ffc

SHA1
d103539c3899301d4282baabdf15c6bee6dcfbd5

SHA256
ba515886f16f162a92349b6df0a9cad31f5e7128f346a5593d8415e7559ed43c

SHA512
d17cc74b9e540cc36b32277216fba88fadfe3d527367a1a1230d8616cec987d932baeda0093039c839df3dfafe1d173e00f9e79c8d7e6f3a95a1c4c2657e5c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
14KB

MD5
6100c93ae487747755e64148d6a9589f

SHA1
77d34cd08d41de042ec2d9d75d6d31ca25497a83

SHA256
9cb29b686dd1a432580c3af488ccb80cd8df00b67f8a5ce03dd6fe92f8b7572f

SHA512
dd6649af15a4262b8241217158b75d42cbee574147fc7540c18e28e9dfb79481da20947ce48685a9dcd8361bc92df4413dca7258a4599809631149945409bd2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
4c848e7f18c4218287c07edc8e9a5844

SHA1
bb5159273c86b0ec14d7f7ddadaac32920c87e00

SHA256
5be1a918efe957c646b935477043d1bf28d328aa4ca54dcba785735b3f221817

SHA512
0122174e07c11904ba5850e6cd593d6f2f1aa304fc0030ad906afecd201878b0f004f85bdde57c36d419f1fb3a4123d6cd7cc8c4bf2f28687fbaeb2bc6608009

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
cbb7b7e92c48f2e92ad58ae0eb96c551

SHA1
be4725632d6319aecf6306cb2bd2b96c82ed43f9

SHA256
07328aaac9f338cc2a508e757c42a0447e930778e78c09b10a403206b47e27b6

SHA512
d6e33d2321a4c45542c844e23f47eae86d7488b4b6ef4a67622e27430051a66be0fad5f7f17de9050de95ba2a769c6d8dcdc02d98fe991c12c9bf56a3059ad18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6666a14b1d00fb4db130e16400ea2b5e

SHA1
b5908f618325ba939eb749f22a69e682c44043fd

SHA256
406132c1b0237eda12abc9a71e085a158c3b40504a2b935fc56d7619f0378497

SHA512
f7289b4f02fb60e6a8fbf675fb9a0658a844948f6d11cb620eb92de6568a55ae1dc24fa362cdfac873d8b5a111154bf5812bcab4f7c6fab859f2a6b2735ea530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b45de6bc0ab9585f1c5610d19e4c71fb

SHA1
5ca3e4b5cbe95b78efde1f1735d69e4e6643e231

SHA256
d24630e718f0c815a17f8baed4ef996143b3ff4599e2c2099a01579fcf161097

SHA512
18983e91da470c001b612d972a72e052f6782334977f911d1edf5ef778dda2cc0c6506a32dbbacbae5aeb153a1d0b07f5a6d99bc24236ba6307019ea96ca020e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
39d93935f662ff9804d7c18e1793ed11

SHA1
e6407fe9f36401f0b59286cb954ee33d5c165e80

SHA256
c0053c0537ee3aa1d6aa14a1322524d94c3e72dc94b3788ed15651e206866fd3

SHA512
236fa93ec5fab91f43d898b4d2c687aa6f9601a2a81a8df2ec2c29c0be3986098acc2b056aa6b54307bd65821f7bdeb1ab7ee358d19b20a673f4dedf5067b48d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e958e43e3058c0e96195e70ba63d3347

SHA1
ddcdacc2d36f89b571b7542a5c96c8f20a3bed4d

SHA256
c787a198d6f3c199e8da5eec4bc633e8c6a8dd70c029acfa80a7038db3a1e148

SHA512
985bfa8eec0b2860fc25cf2397401b18a8967f700b7002cdeccf5e08c574fb9cd7806890d3c535f05052164e416966dd3531b95fd15e9a75b50f1bb4f4b42214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
d56998020ce52bff0b1450663211e0b5

SHA1
2160228450e963b5ff4e5988c88d34949a15ab1f

SHA256
158061050ade7013a7a69aad095ae90dfe0c98d653e50b665d94865512b59b97

SHA512
2db38814e770f3369b2f8473c1179cca03d408902fac185c028a381ab2816712ddca4fa15529db21849062bfc6ee9dd7ec9953e914a104df8577f0f919c37269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
f4c49b4c5ad1887640ec458369f35f2f

SHA1
195177cea59d9945c0170496af829e9efdeb8642

SHA256
699532f0625a661e49af970b699c9e7cf1b22f0affbd96f7947d046f48c815f2

SHA512
017ed6fb20d0a9fa1e321b69a6f69d7a29f8c0b09b342432b947cc356a148c46c892a86182a59173b11f47f2ef772dea9e9b038e6c2a5b8c1d8341c947be6f9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3a748249c8b0e04e77ad0d6723e564ff

SHA1
5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729

SHA256
f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed

SHA512
53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d81e8d5f11dd0834d1db65dac0e89c57

SHA1
e95e6f3c805993bab6635c2a5c6f7291415a1111

SHA256
1fa0c48a74b16d0aa5fa998348579fd369168e13f8bdae75ff7d592e6faacac6

SHA512
f6bf8464645209dd5f84267ecf236dc93bb63efed9845fb244502aaf8a09d0e3788ca61082d204ece27e02c6a4c3e886336cfa9327116c8ed9a07c9219b76ab7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
485b9994a0e34540f1da429ad6286980

SHA1
79642dfb5dba051cd55475c44f75ea6f4eabc132

SHA256
56398104a4323c63a7f1cca971ea677aa477c4db9252a53d0fee3bd5f7eddc0c

SHA512
08fa1d788c3c45d4640b6b93d22db4cde2a07b6be22d440c48332b3d43e30f60ae4378d6018ecf3e6ae695890bb721b89f6ed3e80fb61d294d964c57c3981124

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
4216074de5701638466e8ccc1bc39349

SHA1
4b9bcb5f67c2df22ed87fcd406f486087436098c

SHA256
1fde81c812bbd5c2961f200d9f05453c3e9680d4d891532c732c839a799f3ed8

SHA512
44cab631d16b8ac7729e31a6533b9b3c9fd012d5b2b19896002e766fe63b4037d1110e48736ed8cc4f41174a7059b720fe4561f5fbff9dd404001f87d7ebfa4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
916d5099363a777f47704e25dc5fdd05

SHA1
623820a9b0d2595a6385953dc89a9a7f6e4c4394

SHA256
a5d09b0ff5e138b6fc4c4f5776c94bba2b3fb816a6ab17111da93b81190cf779

SHA512
8aff31a1544ce6f745c4fc4978417078bfcce04c81743dcc1889f0ee06335dfa41b84e8b1c0ae5923268cf592e59868738cbf0c81200cf1466ebc165b97b0ed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d78fa16049668121789906523d752bf1

SHA1
aa82750c6803fc524367852477e4befa7dae445e

SHA256
a8e0a46bd96d29cf22b8f1a478c0fe1a3723b030a7cc0a4af280f012401440bb

SHA512
989791c12fbf4e034d36b1601658293f4d03a09b5ecc9edb1b86a0b571e67d9227f6ee84788175e7b42e027a3049534ed8374998afdb39aa2df2f3c8bb604bf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b7640926c5663093a42d16f30e68f5ab

SHA1
abe780662861393bfa59f2392ec8c889eef02ff8

SHA256
fce5a9edfe7cccb208e84c90d67b90b076da63d45aee5a151ef81faab871d855

SHA512
5734bdce329f7c5e47e54638bcd309bf7495240f48b532d8970cf0128d66bc91bc5dc30ace9c4a67a95202427e589d611aafd0034d166c67abf878d96fa06da7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
8c7b048d60ed2bcafb7703497dfcdee4

SHA1
bd0626e2c520435bfabed3be5f1e91428b89f32c

SHA256
63e1158b8dfa61cbe423288d2d803e390be53c787a31fdd59206ad969632e4ed

SHA512
fb6b03fd0965cb62dc0c5cc44cfa97715275a9bae116a254c6fbcc1f6c5fc911f3cb6eef451214da53075514063ec7ab1409b4edc0f3955d8b38f7fb67984ffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
12ecb5bf669943c1ae66589fa2f5fb73

SHA1
2fdf65d7c34929862dc8e8326bfdaa16a7f39143

SHA256
f9ec4979c0a4355273e60c268cac65f87833650fd954cc6b9fa174152e66f041

SHA512
5a1e755a3988d4c0ce93090861cf8880fccfd538cf2cb123826afe82214d4914fcd32b9d770aa19ecdc9e12ddea81d7a48ac2fc60a81d83fe8ccc552feccc8cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b7d9f24fb50ad801e67478d8cb1d7a26

SHA1
281ca3724422f94bdf189803e494198809699db5

SHA256
a1d51f2f99b480e15ae4969e62c216297c972aa93037d327e0858e980e78a53e

SHA512
545293dbd0951ee74ac76ffb0850342fe35bc77c4344c010a40f87b19e24363a8d96f72e03deda88568c7815426106e2c391dd166892cf47f09240ff264a0105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
0421632a7baa54139a352616a9be4f28

SHA1
e79afd0ce45fc82dab8f7ceb2e76b1df1b7b9a60

SHA256
a79af686d592a05f6e9dfd901e2dfb0b3e4c9fbef43c47c84f24f36cf9e5da93

SHA512
87eef9eb95001cd9bbbb3a0a39d57e417054ff7dd41fd24b02b287a4b562e2f38e77b6205fe3462fd302da9b50834b3be868dad17115312fdc3808ee74844c4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b1b0e2382a599ff4e288d6e183150305

SHA1
a80152df8b0063a3ab8820bf252146f2a2baf496

SHA256
03b8c339fe2d8ab8f13546cea1185b79edc1509e6efeba97e5080b9e520651cc

SHA512
54e269de530f0ad533b82a47284e519bbeceee623c545115322431acd19bcc43bf379d0c69e2380b0641448e114e9e76c9484b6f3f1e250f6cd962cc6d70f1da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
04f32914db4be769915838a06d204a9b

SHA1
c9f8f08ba7e82ba656d05678a85383deb0174311

SHA256
bf83866f6546d7ee4524b28e7515a568e9b0b6a1c3a7d0dee93b50a9a0978978

SHA512
169d53c48f2b8f9907d04cae70bef57a4bfed422e64e96cd3915ad92f455527de2ae5bc90bab256f17b34989b8852cdb9bec9d468f81976d266697e07488ea58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
7049b2c623df2f70b3495c65afd654b7

SHA1
34ec66e5a12480b5c686f43e13f83aeea08a10db

SHA256
6817402e4daa7b0036460e11f99dcbec685ae8017d17ab91a360d9b786a503c1

SHA512
a68a5521197fc667ab390be109ec75133b4ca0df05b0620155c2df9207bcea94a45abe36b04de1d5262e755bab48573371bf0edeacd34859d5be44399238abe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1984bc25afad22aad9e0b3ba9ba58ea4

SHA1
a7f87e89f5ada28745d8400e7e26032543b17b1e

SHA256
bead46904e6f2f57678e25cf4436fc99b30161da7a6c15c5720d6dcb4dd174e4

SHA512
c2c013cd095151e82df98d681d21d4f13ca0deef1960e408d6b4f128e60c9abfc86c1389ab83698a4391fb935a2c87959f5481d4ff2d9b7b843862236775eb1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
0087ad0a15f275789941749652778c3b

SHA1
5e8b9db40147091daab024bc21f1c31c78a85789

SHA256
22284c13f72095e6e18739d9eeb4a1dbb028b50ee1b27b9a3564b7d38137bd69

SHA512
0607e89eddfa1d756a6093915cb0b52832025f281ee54e7caf2a9f14d32bdf233ac34ad9312d1852e3ab2d79fbbdd761f4d658915153cf7f3074e37f5fdc312c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
bc0918ba42296fef7ce8a23569e05085

SHA1
56a6ba086b8c3de17559492627f0e3b392ca7293

SHA256
82425dd6ec8b5b9b94bcfecc9456678685740ece27edc3fda95e32c0497af812

SHA512
545ae0f1821009c934a04010e0f67f03ed06e3ec9b56ec52c414b364dedd4cd89e0a51a75ed01759c1c843f497edcab451bd3673db6100ae1915d00b5d2d59df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
6eacd533a2ed06baa662f92e8f2d610e

SHA1
f8b848d7589dcd81a9e487bf38b52c760cfbecb1

SHA256
1446a16d5a04f3352077709d1eb71cc2ea26a7924a428c95a2b34b41559465b7

SHA512
fb0cbe0d1adccdc27db0c8bd2a540d8309c6a18658d7b23c1e0ecc0d7b5281af7b2ad510fdd19acc614671bfce1d48e999e0daca522af9c1fcde2bdbbd8be06c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ff89.TMP

Filesize
1KB

MD5
2008bcfe6aca20b75b0d34429249814c

SHA1
2d8ff261f27369646d513809dab84c5ef9a27d2d

SHA256
51ce531708e109b73a04f8e513c1b545ad3419a60e3e5cfb07b0c7ebfcb797b8

SHA512
0ccb874c6d7ef1f64bd125daab833b33d4de1920b5fe21965784f676ea4526f6c17b41b15e92ac98b68d108d6b3a46d9f05eca02fba1e4411d709251758d3ef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5b4e0c11b4cfdc1d6bcbe6f32cdf68d4

SHA1
66899d36a4beeb3f740171a00f1a60880ae421d6

SHA256
4fcccd450d3258dfa89017436f1514881ec2d6839d47efca13d711391c531512

SHA512
dfc3a3c6f31978cc5060e25dfe4bd8b584886e639bf3865fef7d6c31291257ce9c672d142aa2cbe205d7fa3c34fb8c2f60d8799e8cf2ed069eb5da4d5a616d58

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit