hxxps://grrreeengirls[.]fun/?u=dl8p605&o=vp9k9z7&t=fuckinmycityu&cid=0 | Triage

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29-05-2024 01:48

Sharing

Report Analysis Logs

General

Target

https://grrreeengirls.fun/?u=dl8p605&o=vp9k9z7&t=fuckinmycityu&cid=0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

System Information Discovery

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-540404634-651139247-2967210625-1000\{59B364AB-9873-4F69-AD47-0FFE4C7A43B0}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
208	msedge.exe
208	msedge.exe
1360	msedge.exe
1360	msedge.exe
4328	identity_helper.exe
4328	identity_helper.exe
3232	msedge.exe
3232	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 42 IoCs

Processes:

msedge.exe

pid	process
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1360 wrote to memory of 4420	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 4420	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3772	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 208	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 208	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3964	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3964	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3964	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3964	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3964	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3964	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3964	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3964	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3964	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3964	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3964	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3964	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3964	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3964	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3964	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3964	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3964	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3964	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3964	1360	msedge.exe	msedge.exe
PID 1360 wrote to memory of 3964	1360	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://grrreeengirls.fun/?u=dl8p605&o=vp9k9z7&t=fuckinmycityu&cid=0
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffa604a46f8,0x7ffa604a4708,0x7ffa604a4718
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3916 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8164 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8312 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8296 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8732 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8800 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8520 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7820 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8584 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8488 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9164 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9300 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9224 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9532 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9564 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,3749485346922300961,14077501608385054824,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6516 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9626ce72-7608-481c-a781-659c83d322bf.tmp

Filesize
5KB

MD5
41bacce38cfd3e82ec0cef6017e1e320

SHA1
2f79a2121c3c2886c34f3812d84945a0f04ba395

SHA256
2b93646e6ceedba83aebfd98be9bc70b8f7ff2903ff5915a3e5da7f8fa0512fd

SHA512
15c5bdbf3396e05c69950437d7ccc0a266ece4ab25316cf27103365d9883a136895d4ea238248c05179089e1b0bb8be9ff7399d0b17db7a5843ec6a437aad412

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
64KB

MD5
163af04706a017d204b20b9980d820ee

SHA1
e6f8ce461121c7e2b827489456a3d8d543a35fc7

SHA256
01c2c51025a2389bc160dde0a2b4766f0d2fd13b639e288d24565a1f0cf94c11

SHA512
aaf1cab542224d5e75c392b9733fb0a8a55035f8bd99130ce0b711c8c29618a6e062a7d46429a7f94b5b0d2428ee4ba779cc548ee7cecb9c1ca2f0e5fc279435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
65KB

MD5
f8f13bff4b26b049320e8b55a2c14374

SHA1
16cd8ffe810e8ef727cf6eba5104fb5dd00c93d8

SHA256
8b637222f9e7c29951b46894dd8807edb5486bde899be1d663323f39789d63b0

SHA512
fcb6895bfabaf829543c79cdfffe344871143add84c79e8b496dc4f74fa82f1c0d89a1a711a65316bf32e00314708cc1880551d3b7c413dbec466b6d9d062ccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
530KB

MD5
cfb45988a26817d393e4b6bbd6b009e3

SHA1
97abf4462ca7bd1d91f905a47cabfb18bfbd0af4

SHA256
7f24a3345c04cf2368a18c065feb7a307802cbfcc8a59e15aed25d8163f16b3c

SHA512
cd9827d7a48850cc52b1397334aba50d1aceebf572b9bd59822c4d03e0a3a865d52b296bc2d507a1448bd04a504b93a05d4fa656cf75990621a4e46250f105cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
90KB

MD5
cd50d82e259a833652780e7558689f2e

SHA1
0c49bd3d5662f80eb797b0d8b20ca577b43c4efb

SHA256
b12bf333ba46c3733a253c2d3cc1d6bb07ee72d08ade8668aed159991451a777

SHA512
ca09f152d99e2de5609049043e5ef05961723430eb6f72f202300270177defb2050eefdd8db57bb712ce85c56db1e3d76366bff40ae02913c90958ed5a5677b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
054adbb570066c7f73ba4460b6af69cc

SHA1
fa65c642127e07cf506029f10916c48973512825

SHA256
06c7635de3283b2d1671b0fb12d74cbe7fb0bb5331c17b0248aa940a4c890077

SHA512
fcc93599ec2e47c9a50ed7bb6fa85a49a84d3f4e3aa8fe10e08620b09812c0a6e4749c5bc967098145b4b769019fd433e45a90f23fb917a54ecc944bd4e70291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
fb57de4c5d1b53fe95144eebe36f2e5b

SHA1
d8b49013a4623009ffeb79fa942742998eacfced

SHA256
fc5b308083f98792b876133fc9e7f158e1f1258f923908fa696fddff6846e18b

SHA512
2c900d69059d3f93da488d5fa44790448f555c8ca06d8421629fdd69822afc945086163b95bbf1218f03d2fbec45b9cfbdf88d1778ac76971a0d879c6b9591e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
aef22fd93bad3648ec989ee2364cc865

SHA1
e48943044ffb6a1581cc353ee860bd726f3f9988

SHA256
fa1f9f3829fdad38bd2fcbe86f1e4f42293c6da50a0f771ac9f5ac6e5fd3b931

SHA512
c306b6e8edf23378331bf2a993b92ebdf0b258d307e0c4b92c68e02de307c2af9bd1bbf00037b2ca6815421f17f7a771ddbc35aef52cad7dafe5ac2278ce3728

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_yoursecrethookup.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
770B

MD5
d81154529f499c3e205b36d10b70c726

SHA1
c74a548fdff567bfc8d25b7177b0c27fae1f96fd

SHA256
5f4eb797edeea0d0f46fb4858890d194133dc1da6203164af779c1b7c8a355f5

SHA512
88a78fc924ba66db363692e5921a9bf6cd6317c055bf09175d8831ef5bc72f6f3b8e470eabb58a19af5ec3e34e40e509f8c2da14947cd6cce8f355e8d53733dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
724c0177db7898f02563eec960b4a363

SHA1
9aec8aea2c487ff2370ef325fe8def13ba1133d4

SHA256
77a82b20c57b53f1b2df3f7a2bb2cf73d4cc81e6ccb2c6193c06571965248087

SHA512
fc668373d7b37b6565b3abb5329558e0db6e46a7a9d517ffad3b50cc4f8888e41913e22f59fa58c6587c7bd41fc9a34b89608232417ff8ff78bdc6d54eb03531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b02fa2af06293ba3c9cdf638e9069faf

SHA1
af68a11a8e5befc5fe82aa642af3a28e9843c09f

SHA256
c324d8ce420fa228067e5cd9bb2bea3cfad5ba375747867f2fcdce985eda4207

SHA512
7681c5e6c7e55efb63e89ddbde9786a8afd0d32ca4a38923ff9f64dbf2e1c43719cbf2a87064e387661ed375258199ee0c7e188b7edd1429b0d53400eb47cffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f36c453f93be04f76bc9e5280688e8ff

SHA1
992e240c42a77fbf12708c9c85e04c6ae8e87e48

SHA256
6f440ab37e56e9c92e00ed48681fe40938d4bf329f065b6af2c69a28d69bd9bd

SHA512
7c3f77477d5a647b7116cb99053a9300aa3fe62ee2c8ecf8bd704288c0732b065261caedb462694e98ba733f7e9568a5d86ca4cca8a419a1129ffdd8fdd3a1bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dd9e037bede3a1345d8944762d99a683

SHA1
2adeb844b0b102c3f176a24fc152850376de2889

SHA256
aea720089e810005b0f9232812beca2d7528c0eb95321d8ba255a8aa1d4eaa03

SHA512
a3c7b054ff25c9b34aa8072105378176ecec0b09a425b637aadb1d958e8e2f3e58a192be871538e708f88c2a160c75d3b147d01b34caa070704c919d3855ed39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
7dde7bcd8c6a7edb1232091c47ce6fb6

SHA1
a9762b0f0c01e861bdfc2d98fb0212b99d02b930

SHA256
45895a00844e4e8ddeb222860ace3d417b6f5beab05547725ffa56a5bc54416c

SHA512
65d7989981317f57689159cf8c7e17674c64bcec31ab440cbee7a1e76f3cd172f7791d3040c459410c26fa32329aa78cdb1ac65db9f1caeb8e9237ad965dbcab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
7206fa6d36c9415ae60d75e5ee7d0c02

SHA1
42838d7cfac8a0ea5dfa6d852225725b11469145

SHA256
de7e736fb6b1da59fef774d5a32338489198c294f1ffe9287ad95e6cbdd45d4a

SHA512
6702a214327b8e04bc8be349f19173d922f10e823fefa6e173f56d64b4a7daf409bd0b28d1111cec7b969ff12ace81bdad944a0337603b3540b9d181fdd56360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
4ffa8523a3f71cc19336ebd8239fef6e

SHA1
9a789091c57cc2a4cf9779816d06089ae23271ba

SHA256
ec46cda52275aa7a3d4191842047f8e482c2deb5b39ca2fa0c2389a05af3c842

SHA512
08bf2ee3edd341d7eca28896fc113f3b5f37d3772248d6be891c09993dc9a8adb13ce82427dc8ab5a62f8790e148de24fa3f616224a9f96451e97aeffba13a2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9166dcc80ada0fd85aed994ace4c1a6e

SHA1
3063e167a9439849836a29509e3933babb0da260

SHA256
6069f0ebfdd64aaa42be8db2a775c33d1f3ab72be784c69d481c9cc243734c9f

SHA512
7a603597ddcbbabdde2ff877f1008ea2608dec5b9054e0652ec695f6c160e32c7f7af476c78cccfd67192230192b9c35ccb35ffa2c4081313197ea407d17f651

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9b2d590724f25d8ff81b754bd035b42ba08c688c\02bc72c5-84dc-4416-9734-39e98d802e8f\index-dir\the-real-index

Filesize
336B

MD5
a6eef781d1bc5b5fcd54fda0e17cb43b

SHA1
2245aaffe2a21be17bc319cb55be2731ca12fa90

SHA256
667a080ed6793ad7d58a4d7341fae999d8e14461b79052c47e1c5de3ed9cfc50

SHA512
eb702fc9838c7836c1dd1a22dae8563efed2e5213323c945229ed68549c9ed7f55ef48e964e01b96d3950ddb41bffaf6e9b86b9192d95dda891cfef6dd39492e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9b2d590724f25d8ff81b754bd035b42ba08c688c\02bc72c5-84dc-4416-9734-39e98d802e8f\index-dir\the-real-index~RFe5929b6.TMP

Filesize
48B

MD5
1f6db5d1171e055cfd1d9a16ab285123

SHA1
84f1fea5439593c9cc427f47f1dd4007e92d25cc

SHA256
a7b1becc65784a07d69502dbef2e82ee0a92c69aeecf71caf83815b37f7e785d

SHA512
9cc4da4eba960917036918e1592b6ecf3a9c8c52dbb5da5a6874becf56fa2ee97d930612aec8faf57be517afa852667a6abbe0c7084c36cd42d17d62c9d74469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9b2d590724f25d8ff81b754bd035b42ba08c688c\index.txt

Filesize
99B

MD5
a3e6d5a1cb931881c1770e211a1caea4

SHA1
a11aa75d7f8bccc8360f8cb362a652bd2ddd4ed2

SHA256
3371c28cb32f2e1248038290b48a047205536d40cdadab5e8dd8135b3833ce5b

SHA512
e378f61d076e613a0bc482c3d2a9683e8a3fe37c1bbc8b9ccdf7736f3f539001cbac9f58e01dee9ca3a33ce44b9135f6ed8aae5b4e1cc7fe22d90462ccc744be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9b2d590724f25d8ff81b754bd035b42ba08c688c\index.txt~RFe592a14.TMP

Filesize
104B

MD5
5b94fa6e0b2e91d20e62953608dae8ca

SHA1
bb036822774640f36fc01ad5f1a1bc629e717663

SHA256
50318b9e22d4fb754f7c54de40a5b77b4d85561a7b12ac66deda9a3b8a4453d1

SHA512
9c2db750454a4d040e6e306a0aee4a1a7f082033843af960157cd68526a8c930bd464a6f0179cada0fef6979488cedd7819678cd05367880d3c0648eec47cd9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
cd7fc52a507f97e8112b15725644fd8b

SHA1
2890543184418a9550d80914e0a05900c65a7111

SHA256
f8c17b38c6742a79193da3a4d01a9a0ff7cba33ab53d78dd6255286da09f1c4e

SHA512
1c0dd54479ee1eb16932ca20dc6d8fd68dc91601618e642bb04025d0627c387efb614ea6925db8f43c8cf4dd67e5edfcc453753f5c931431fd1bea0fa0685df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe593f13.TMP

Filesize
48B

MD5
c9af6188cbd30d41cbb6d27a2a6dd6c5

SHA1
00448fbaaebe08c3f8d29bbc7b489b81cafed2c9

SHA256
5bc011654b3e71614bf5bf5d46e06c6886ef2ee740fa21e3f426b198f38143ee

SHA512
71b108e7851678737e3a40ada230f149c215035831f7ade1298cf9006ff654aed30a467fcbca895137da8ee27116bb61ee0c546e00b2c019fda7565f80617c95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d41795e5b413107647d1a143ce50de84

SHA1
98541b88b295b7a6bac7090cbc547dc4d6f6a9ad

SHA256
52637cefd37e820f3369fbee27b246574304248dce320d2e61f8f34f39178e2d

SHA512
3874f22ba5630d65ce3d2898db62496e2fd958fc6af9d3418e39a31e9f12a6e4356ad09130b5459482f3a35276f6ad384b6d565ccd9b49c39f04d3d85a025b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
c00185b138a6fae3b3cbf8a6a7f55976

SHA1
fb0afcf0d068d6b305358fe14c8a1c733ef51f46

SHA256
e5712118b0c5aeff09ecc9b2d80c83e5b3419517fd0c6dbf888b42d9a69f0103

SHA512
0c71c663fb304279d9e85c949a8d44460f60ff2500cc7e684833a5882ed05b0fa32358700ef10ad4ecab23bffb88a34171c2529403fbc63e40d19c12a40166fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
58b12b43227e7df1b8b9085d84cba3bb

SHA1
ee1d912e2c46d8d6ba6b134a78387f7338c2271d

SHA256
1373a4d52881c1bb53490d4d091f817acc91f6884683ebec81a52435fd3be889

SHA512
4f6763d610be680482651db1fffe19ef49ac35a607c617c8e007407145b39b6e7ec315d2c6d627320c4a7964f62beabdd18068362a321e6112fad55003a30999

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
57b23715ec234e1b03ec4c78168146dc

SHA1
75e16c69a72ff17e68b4110a9933cc813509dd45

SHA256
b00831bf24921034a60d110d7b90184ecfad70cdc58023e301494f2a304b60c7

SHA512
783f741abf0582a82d89517b6fc4ba9706bf35a4e8a4c0cb62a1da771b900a82cafa4c6907125ed2de3a6bcd3a96aa24d7fd661f958895c04aa8133a90cd8893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
fdf5cc714370cc338998f65d9ce4c230

SHA1
d39fdc84bb705a56d69b7607ab9a9ec2c9e8e07c

SHA256
a50072aa07b0169ede7b1fa49a7fc1208e36906be840bee6a93fd62ce7c3237a

SHA512
a3e73ecae3103b52c04acf382c0363a26acd4a2bd18c1d41dab794d912a4b433acdcfaffaaa4681cae2a26f8e00e9a6abb12dc98c8a6ef8383f16cdba603cda1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d899fd3b2b3f590541f34a099696c904

SHA1
4e13cbe68cbac0611f8fdef7f4e37524c18a3d6a

SHA256
7abd2756e189801ec6cb5e802ebf125fec2f436b356d39b9c60445ba108cf7eb

SHA512
46bf092bb7fe3fd1ee8227726893d976dc1a3b48443999fd20b26ea8df1747561782c56f2771e68a059f5604f0a47c35b158eb8e3a46def8291b5d9aeceb50ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b46b.TMP

Filesize
371B

MD5
8b2693abf25469c52d89d22bc33674cb

SHA1
d628e1ebdb8f8adbf16debe3919b5ed3eeeed45d

SHA256
c80ab827172744e67b2bf7724320f26b873fbbefb9d4ee67f7abf06d5759b583

SHA512
52b03612989a83cfe5e84bc58bf2e36ffa2b08f8f630b02fbfb068773a030efb3c34e15238d4f0b9e1d759b82c2b60fd8941bc9ca44a0bee3bfd3606a0fd6b88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
086a3f725893ee6591e3de1408e67d64

SHA1
a0dc2c4c8987dd17513ebe72256450571bb86740

SHA256
e2cea28eba0baaf5d59ed64da1d55ead205fd881d304de7a968577de78bb6ef0

SHA512
ff39ae993aaa3e9e29761e6213232d0cc6bfe0dde6e3a19ca005cb23c0e27c004d46cb7eb84e78dfb54c00034a3c524f8c51fb0df92e748a03d25b64ba8b9054

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_1360_QVFCVOVUDUNXWDIO

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit