hxxps://free-leaks[.]com/s?vYer

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
04-06-2024 06:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://free-leaks.com/s?vYer

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4816	msedge.exe
4816	msedge.exe
3028	msedge.exe
3028	msedge.exe
2588	identity_helper.exe
2588	identity_helper.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs

pid	Process
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 684	3028	msedge.exe	80
PID 3028 wrote to memory of 684	3028	msedge.exe	80
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 1144	3028	msedge.exe	81
PID 3028 wrote to memory of 4816	3028	msedge.exe	82
PID 3028 wrote to memory of 4816	3028	msedge.exe	82
PID 3028 wrote to memory of 3940	3028	msedge.exe	83
PID 3028 wrote to memory of 3940	3028	msedge.exe	83
PID 3028 wrote to memory of 3940	3028	msedge.exe	83
PID 3028 wrote to memory of 3940	3028	msedge.exe	83
PID 3028 wrote to memory of 3940	3028	msedge.exe	83
PID 3028 wrote to memory of 3940	3028	msedge.exe	83
PID 3028 wrote to memory of 3940	3028	msedge.exe	83
PID 3028 wrote to memory of 3940	3028	msedge.exe	83
PID 3028 wrote to memory of 3940	3028	msedge.exe	83
PID 3028 wrote to memory of 3940	3028	msedge.exe	83
PID 3028 wrote to memory of 3940	3028	msedge.exe	83
PID 3028 wrote to memory of 3940	3028	msedge.exe	83
PID 3028 wrote to memory of 3940	3028	msedge.exe	83
PID 3028 wrote to memory of 3940	3028	msedge.exe	83
PID 3028 wrote to memory of 3940	3028	msedge.exe	83
PID 3028 wrote to memory of 3940	3028	msedge.exe	83
PID 3028 wrote to memory of 3940	3028	msedge.exe	83
PID 3028 wrote to memory of 3940	3028	msedge.exe	83
PID 3028 wrote to memory of 3940	3028	msedge.exe	83
PID 3028 wrote to memory of 3940	3028	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://free-leaks.com/s?vYer
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff739b46f8,0x7fff739b4708,0x7fff739b4718
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2176 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6328 /prefetch:8
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6744 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2532 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6948 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2524 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011854807252007697,17455702842576664519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:5264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
21KB

MD5
2cfc011b6717079799e456b6fb67cc1c

SHA1
0d8baf5af08c6bbeb06e4fe84a68df0a1c1b2514

SHA256
3cf3c93338a79d1f399cc2e5adb5fff0592cb4f93dd374fea9eb0423e1a5570a

SHA512
5ada32ac159045406e87dd2aa151ebf8c8eb49be7b4ac441111882aad8821cf342b034a7b6d8a81ddd8904fdf9110041074268e0f5070159bf290531b8ffea7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
102KB

MD5
6a2298e92f4163f3ae75a1f2a2373bdd

SHA1
3fea68ab27bfc355df8ac421c060e57240c3a32a

SHA256
b3ee43775d0371a665bda8ab4a43206bef23c6ab588fae0b11c6b51815643538

SHA512
2ee61fd022c2041e66beae1b5ae0f8455a0f733eb85475b20c0478a886e8d27af1186ce6e43e1b4dda6fceeb09422af581afdc98c1878942bc4f9cb7cfefaa63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
19KB

MD5
5e6b051c31199c6614bed20c947bc54d

SHA1
21c5847d89fe9abf79366f242d7369eef1675485

SHA256
597b0f330bc6b91a1a4f02de5b88c45f94d632b4abf32ec981fbaf27e3fe8fc6

SHA512
7d128c4254b2395a1123ae6d5fa2b8546036aaddd3ad8c8ba60fb7292496ebb8eddf22041be0b4919bee845575ecfcbd9d874610ffb4693f9d2c19a088b11dc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
65KB

MD5
d25109c9249b77c7cf2a90dcd2e88db2

SHA1
e12430ee61c1698aff70939b795e96a2ab1a51be

SHA256
7d041b993ab544156abba66cd25edf215aa063fa84d5742d5dafa781f92e762d

SHA512
7b0c7dafa6b1add8befc416474414681fbf077844d227dc3e4862fc04723a030749113114f0780401ab383ae595b3f7c11d8283dd5a7df6d9e6b68f0c72d0bf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
80KB

MD5
7025680a4f63820bb40f6f421d1bd91a

SHA1
ed0b36362ce5d4df0a4f521264c63fd036cdfd4d

SHA256
399ed8d4f19abf872296980ad5e68f33e1a60bde7ef942914ffd7a0019c8c940

SHA512
086871b630709ce6c22a1007785096b5d47fbf4a8c5c66bf0691b5947f6f1106fa81e2a17531c7a21774116cd0d288f94c6a1c2767167a7c46518cf9f1de0d7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
19KB

MD5
c549010f60637ea4dd0c2aebbf3d76c5

SHA1
752de3efb571a629e11bfee0ef0e6dc34fb0b983

SHA256
0fadb862b4dec689e05fa5404ae7da72eec558e23abd86939d9c12699c6b97c3

SHA512
5f9fa07fea313c83b7bace02f27b01fed1eaa709d55e916c9f2ac7b51f033f1a1fbace9e0d3f1a64499ac0ccdca8f4a6ec99524b3761b3cf047301ba20983adc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
23KB

MD5
128c0ad1aed2dd38739a0d9672440c9e

SHA1
33047b174058bdd792b47d0d2b2da7cc6eb1d0f6

SHA256
6c5703dd366384a00053589d998ded24a25dd4c342b5f1f844c967676fa1be00

SHA512
5d1d51e8c03f21a3051d5dc4df4250a773822242aceebe5378d07ec92d1215ce54d350451fc491ffb26505eee6d5074b1280e42b921f7f4c503d31d59d1b3420

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
48KB

MD5
a30af14d5d02bf9aa4708ae8b4e0eaed

SHA1
33efb70aa4a5b3e0cf1ceb032bcb449c07a0cf24

SHA256
9b40d8e738f73d31dbcb2a86f2b220252f561c1d4a541795180edbb16a697033

SHA512
ac74d2765f2753805a5c971ff6f6415bf2553969a758b8ed30f7c7491fecfb557e9bd55ff37b3f76dc0791bf8e533f56d5b72f37ae12e1fd3b3479665eaa2bd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
16KB

MD5
d08d79e572490aa64e6e4e3bb29731f8

SHA1
dee7c973f6a4887077fa3e72eb39b9f056910ba7

SHA256
0cb03c3227657c14c57d7d85057dcb528d9df37a9fb49840a2e62f8e078270d5

SHA512
037531686d00240a50586de62136af3dc0c04d9c0c337071c63d8c84232b953d185949cca9aa0709abf227448fff897b1163a745709e938ced49e50266c5c682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
17KB

MD5
0dccd02039ae65099ed73888d33660e8

SHA1
61f42540aa07a7ce2e7e8d9041cb71abc8112654

SHA256
b3de86284da0c55fb8f5f2de2873cb8ce74e46a935abad0306dbec5402dbf105

SHA512
32acb31ae539d817efd19de3447d592d8e54520ff7aad57c691d362c30fe07fd9eae9ed1a8ea0d3bea4baa4873f68c204ab1bab385c5f21daac1674d86779cf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
17KB

MD5
bd2a8fa16598428ac9fa8e1caefa237b

SHA1
f23bf26f19dc28fe33ab1a9b16f6cc67695bbc6b

SHA256
7097e1888e9af8cb82ab75c23a87b6e9830525151945ae662bf3b291bf04b831

SHA512
90f65d3cec50cee788db2fc0006650b8d2a14eaed3f69602a3a99ac227eb7d1f47d9139bb4074e91e18ea781025c420de1b4f1946883b2afc312283ba8ea7c95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
51KB

MD5
97d0df61a498695656bd44946feda33b

SHA1
f989eab7158a7f6500f3b9a279e00ac52137a79a

SHA256
6e1a30c81ac044593daea66d45572dde5554aeb4061b9fabca27d15a2dbf3efd

SHA512
84108aab0e3050a36bc1992d441d47c6a3324e6c8b37e9df09c4fe758f63885ca1a7d88d8821ff2c67e9b3ab73f2e9a42304be0bd8e88131280f19b112ac4e4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
40KB

MD5
6b74f74fe3dd751f85551d837932a44b

SHA1
1b6616a682832afb7c96704ef5fb05796e5a2c40

SHA256
59f92dd1a39d0f962bfdd4ead3e9843c9426b9520f61b0097ab58557be0e1955

SHA512
5998f97d0d7bf503d5322845a22d302cb6982610d4bdffb809e9939b9196270e84b1c9d3f83e0dffe7183f66d0159222704e0d17f9209738fcf076cd78a50e78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
60KB

MD5
bed6bf19e8c93e393dea4e3fa046aa64

SHA1
8835a39c970334f12dbc1eb4b9f394ade278d7af

SHA256
b519321f3682561b7872680aeb2143db83cef64aee4b41754441d1773b49c01e

SHA512
af2f2857c5062a5243774737a7bdd5ff2ba4147ec499e450bd4ac983f31f3b648744e2c272857645051a886889882f562c8929ec906626a87606fd583f71b6e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
18KB

MD5
ac84821816ad6b57db8e91e8be6e3c06

SHA1
b82a871e3bbbd1533b20c1d78141dda6e3272095

SHA256
6d411fb0c7e2b209c19bfd402fad7f3b2c4df75717337c8d59e98a687561b3ed

SHA512
6fe0566c0ad724f397cff91b1b9bc87bf6d9f049b14b62b46ec540b00b46ec58fd533d789ef84cf3d2899ad00dc2c6411427a3cdfbcaf0b792dc2579b1165773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
21KB

MD5
bdb44d498ebff196c9b89546565791d4

SHA1
b8db08f303efd46d0bb94289d2ae4e0f97dee07c

SHA256
a545f8661b6d68eba2f819a1a7a9a1d97751e44ad77f3701abba11ba08be43de

SHA512
3b67d824b74aed0785cf0ace91b20807258c38c309cb915a67707117df166dc136ea40a69535cfdb38bcc91312f66d714a2ce7cc4615aaccc6ed210db2b2ee02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
40KB

MD5
41caba792bd0815c50d2586663a2f6e9

SHA1
8ba297073f4502b840d2c5f0a24ba9d515e2dd84

SHA256
8dcaaaa16bd33e6cfe7af170332ce93febfc6e8e7d1600d1465732e4405e08a3

SHA512
0a8753df627984de1cbde85ab8b8fbaf49f9b76a5728675eb7973a0f072d31f00a4b6df1b9a459d3bc6405ff92a70acf9d1b5393daa0c1a0d34742800cc9c9af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
50KB

MD5
357dbcf091aefc23129a7f7ef3653fb8

SHA1
1ceb53402cbd188fb541d60f3d058039d140e791

SHA256
d2bd7c32ee6d99d6a81b86eeaf043803284a869004a7ddcf3296a1864211b3d2

SHA512
a2060de2b1d6e42d2158d34108cda4ff7d67135c943cac1b845d5aab853991c39dac89803be8791bb37ac485ccdd4f4de8e17853074dd6eb16c126e13d1bd3b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

Filesize
23KB

MD5
05aa4ed3532dbe1043d2a073b24877d7

SHA1
c7f4138e0bd87c3b8683ed9191d8bcd76408c0bc

SHA256
11fe360ad80e52d7194aa009472be9bd75ae230b9f7c8206c60b4d53bd2c9766

SHA512
1b69476bba1f1d51fe69ee1e2b4b2ccf08320d3777a0a4817c56bbf8c4d29726cac63ced1579ea3f9a7f1220ce7294f3de0e0baa470a367662432c25ebb8c601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

Filesize
67KB

MD5
ac76adddf8af04e1f4ce5a1ecb2b0891

SHA1
91f06f7159a4507b817fb690d8ab031852690b40

SHA256
fe53f893c9559ae4e50672582e085e6974002ff9e1b7d5e8b0ae7b3116bea2c9

SHA512
a5131e36fe771027925bd10520a96771aeb9d7a9895302187746076a3d244ca727248764928a2206f79d15072dac96bb79f2ac5f099de0b26eb8171ecc5e8d40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
4432c4f786bee7f7b059a07efd21fd8a

SHA1
6c4ecd899cc7a02ad74037052fa2b15b8a1a1308

SHA256
24f8195eb0ed81121ae633f1aadef7d893ed40b90103cb63e831d42c9e43805d

SHA512
a766afcfc3b91640473c33909b515d110804d00221f1152b61f45c821af6b2f8f6408c5a75f91d3e45a82ab9fb73f347be3a6b6e125149fd1f9fa75f370daac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
689853259d26c5100f04baf1fda7b194

SHA1
132d7abfb6568c67c7bba49dcbfbca6aa272d04d

SHA256
83274361f552e208c3bf301e11505c4b081da49f59e2a66c33ada0e8c2024d3d

SHA512
5e7ee75e9efe060b7a4ad04e94e4cd1d8a2b6f73ef834a74597bf3693076de9885992a20d47374829e396972eed528b29528be8699da4ba9b87fb97d07b67300

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4e4c18bc2a972b66033f075b19840a17

SHA1
dd7c6febc220e91646f7f46aec6422a0e3a3ba6a

SHA256
30e0888caade990b6d6cf47f4cb538404d0e631c6ec39338ba1d3b38bcf0d2cd

SHA512
afd1302c4f773dc8601218374bff8513f0d4e9d7da200eef80fa5134e1eb0af65c3b63f178015454f4cb3aa0469d54cfbd1ab340ab739e1e98fff180c2f60960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
889e89b74291efc99a6f84a656308b39

SHA1
7289dd6d8339903eacaaf24d5ea13ae331dec9df

SHA256
7b8c2b5713972fefc536046be4a7b920ce684ced6ce212afc89493b5126c8944

SHA512
f5ff21ddbcfd8ab9f15f06ac78f2a13c5a9a3bdf12ed8d6afbce5beb69bf9db7bef2a6ba025abb95294faab1bffd5b86895a1a05bba6960bb681e494487f7dff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c6b1ec71fc2b89d592c52f5d8f0484d3

SHA1
c2215de2e20677595a459995216539e198260ee3

SHA256
e1767e03d003603f42f3cd46fac0576abf358714626705ab905cd7b5978e5a70

SHA512
bff77d437a4b230038532a30a4f532b15141bc5514bdded561ac229bc7d7a2cd9c7804e4673cb25b01ca22f9a24c459addcc9fa2b7dd597d352ef97fe92a024c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa843b5f28ef5292405e0eb6ce7e914d

SHA1
ee4baad73d9c7ae49d6a47e37e66096f4c1db0e1

SHA256
e87198c5177ac2e510c87673621dcf1913485b972a9667100fd2366f830b2234

SHA512
8403966af84930f5230290c347275af74e355f37cf1725c2dbe14f245d0ddd3e999db355934e9ee4ce3d2ee5d4a461a457c9478bb3d073ec08e7973f13e449c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ede0a289f27f3aa5778416063a75f5fd

SHA1
42e15c02d8bc98f6d211e30d448c19cbcbcce1ba

SHA256
0a229abb6c53943a8ff40f9c280e474b624e491f41255a569d8563d9e984fc7d

SHA512
887cb28d8187cde512b705e8623d857b7849137cdbd53ee7b90500a166d3839dd5523817c984f8bcd3c2ac6a8f1972db189b82ddee5f73581dd6d05b54826024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
741604f66e07a6dbe926ec0e8a9b5c1e

SHA1
54fde796639be78e96f22a82633ca959648a8674

SHA256
d9b2d737868ce03b93ab32032c8462285d61cce1baa2bd63173c96f099c16908

SHA512
7908bdf8dce8ca154a866c0a45058b5c5b17793848ec93d8d291dcffc38fe9cbd343cd1daa414192dead82b0249a5144d1f18a0523db354ee1f49eaded2bb2b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
68e23291636a0896705ba2d74a62881a

SHA1
7c69e94c69278a0dc60fc493bbb28e475c945e93

SHA256
bec7f8c73ccbd7d6be357390270b4375c9b92b2a03858a36758a6d367d9c1030

SHA512
3c4ddf0cc361d37b9dd04b2b25695499778403dc0bfb9f5375c82ad9ef780dc706f15b206cf23f921b33c897b3b58d6b774ceddc8831a001e7393388a1a0a4a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
10e8d37bbb12e015056aa01a5e0df8af

SHA1
e8eff9a124edcc42e05df588146bc913069dbd30

SHA256
701ae8cc8368e05550c13594c7f428fa446d427d6e8b2a9b3435e97e508d29d8

SHA512
73b2be72be4337ca99536b07edff22beb95f6860a12490501ec619d9db4aff993a83783904706c4f54df89e0de40a6923a02e310fc849798b37a727d37ed46d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\4554f474-fab2-4d45-ac39-4300c3e4ab19\index-dir\the-real-index

Filesize
72B

MD5
2f0d6cae95b4ff560f531701c6a4536f

SHA1
ade949cb5009b860a3c42c4918fd9b2b56b91ee8

SHA256
3e95b881dc938c52f393a412d101111b946a5290983148321819f2bb20f408ad

SHA512
8c1e87e5e88405ddbb5c3f8bfbbf0031d24af04eea9f0ac7518344d62456aa8be3a0278e7e3aec5354ac510cea4046286225899efe1559c65a1ea22975c31e79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\4554f474-fab2-4d45-ac39-4300c3e4ab19\index-dir\the-real-index~RFe59290a.TMP

Filesize
48B

MD5
661b782c739408d2b0e812b9b51a666a

SHA1
976c933e468163cd35732c1e10185b35ef5dbee9

SHA256
6efad0fbe6a50a16869c8e8db039b25b0e26de73373e5c6c3ccdbfad49c50c33

SHA512
e2c15b693d247ea97acff52a02e711f9147b6b7a273b5e08f700b25fea022a448bb4712fca4e548c8d76cafd9014d889ab5c976329b2e84117f5844c64880104

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\6844bf4d-e6ac-4193-a190-c7e0ffd40a4d\index-dir\the-real-index

Filesize
72B

MD5
b3ba0aa1c10e1254aba3df4f4b0a6078

SHA1
5fe1f4290117e1b725c31c4e89767a56c004ea96

SHA256
cac63200e2f9d10d579ca207a0bc24349ed2e21dd185a412d8859a63a11f6f71

SHA512
0a241b640e221a1e68d3c59bc81a9ae72f7a7c21c751bae3562b50e1ea14172052c7fa9e941ddf95863e9ac119f55b9859d29c7d956a819dfa2b0f5f73fcdfd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\6844bf4d-e6ac-4193-a190-c7e0ffd40a4d\index-dir\the-real-index~RFe592bd9.TMP

Filesize
48B

MD5
d576b8d4abc28f4c09f1fafdcc715c88

SHA1
f1443c79a8d332167f3dae54d03fc8fe38f8282c

SHA256
1193764fc04469e5356a07f98c4d7575d1569b17c332fa771e83221653bbfbdc

SHA512
670fedfaa8ec77ca09e3b298759e9c108c9669c9b5e483f076506bb1a7f5d7ba67e3b4885e86875199d419a5700ca915074227b79b07afb2b365662957da632b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\7a9dacd4-194d-483e-bb4b-42e68a353e4c\index-dir\the-real-index

Filesize
5KB

MD5
7bb5128a0e9dd53cf4366a3dd923bd96

SHA1
5f10059020607b010e680dc5bba220d5ff590d37

SHA256
be6430012f02e7649397173a061f5e025f70d50df2bead8039d2770a3115248f

SHA512
59d2dd8caf896947eeb9a5a63ecbca969c160e65d87a0d0f59dfe270fd3cac9a046245b10ddb1c6b60ce30b33be358c140d74107c3dfb2b002ba85f92c5d944f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\7a9dacd4-194d-483e-bb4b-42e68a353e4c\index-dir\the-real-index~RFe580c9d.TMP

Filesize
48B

MD5
f630122500c212c56648d29f79316ac9

SHA1
e40bbe65e5321fd68ab4d2a6fbe1d9833d99e260

SHA256
0f8c2c80fc34ee8c4888107ff2b8dc8cac34a29d0aa005978928b310372c2065

SHA512
d003871efb4bbc64c1777d57e326a041a882a153fce1281ea3d848e044a1bbc37bce758b06a53ff55845bf449f9ed2c5a583294f9bc8620f775e1e858d936af7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt

Filesize
160B

MD5
4e436edc2e7384f783bd5db997584963

SHA1
2ba1d8c8881f79f12e77c4a14b50eb6dbacb3fd7

SHA256
e2cddd74727fecdec3a32384cdb0fa122f5ff78a60f10e32c233c15709d62967

SHA512
10f7e6422b80782de614ce7314fb93ffc29dea8e0bfecffef72ba2c04772919fa68025ccf51f73cb8e7c9b29de68722041d4544afd852abf19322231091717df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt

Filesize
227B

MD5
fa4508c59afe1f8b45278773ecd44311

SHA1
ad656c7332a9874e20a9a016c7191102854b7240

SHA256
c39ac429b23a48d528f1be11b31a781079940a2525ed691face5fe148e092ffa

SHA512
e40ea0fe7e8eb8a6bb293047e4701912fdb596951f4b21b6f22e612a2edd0cd0ce312b234638791130a8c5d3af94fd53eb51803b726c4b5d29c5d4a12c736f34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt

Filesize
222B

MD5
f3b33ddf2175ea43ad4ea290f3a5b07e

SHA1
c70a9c011b9adba8b49ed8e0dae21fb49de2e719

SHA256
4f93bdff6a253f4827c59002f1ee6c57bbb3638691e35556fabd0c007db5868b

SHA512
0b9c02cb6d7da17a76ad64961800dc9117b3d4ce30a99d2a34d66daeda5c43e42c72c4807a9b383f05811a4b091b904cddb32a2ffee779ab303e9f506cabbbf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt

Filesize
93B

MD5
fe2d5960e592814c5a6ccca64d5aa5eb

SHA1
d2039cc712e229a8c8cdfde28c77dc4cece693cc

SHA256
ffc31e609bb0ab339b98395a3130066d74a1bbf8c333f97bf542c03023c07eb7

SHA512
1caa42fbdf11609796e36e57bb599a5fbf51b29b3dc2304eed89543eeaac852dd8c0f2afc9799cf01dd70ac6350fe0baba05bc79c266d7687265a6b6e4d294c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt.tmp

Filesize
89B

MD5
8eecc122efc87e681401bdcb812e02e5

SHA1
01b294bb804f478ca0a40dbca3ac4a7e9b850965

SHA256
038eec6fa1e8f35d88ef9b509a0f51609ec1aac6ad0725481eb4928d5c9ada28

SHA512
dcb2ad695c982063ffa03b9bd0e0eae631c2d53c7734f11b13982e35cb6d8e304a127b0bde8168021c46cda0b21955cca64aa4ab180eaa6b42ac26e5d36bb0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3c69ea9959cfa72aa8dbbb32a5fb556e

SHA1
6f64247bfceb15d3552e393916e66cc612a87394

SHA256
15ac2f0b2c5a37269b19951d2b43a30fab3aad7092b498ca55d6a20448f519c0

SHA512
257679d20c15a7f651037dcda289de60dc1e8083c5159c918497ad3dcee6625b879678604435c43fa03ba54b6011953f9c081800efaeaed2634373472bce65de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a9ec.TMP

Filesize
48B

MD5
53996f58e3e2d85d5a27f3dfe2a4c4ff

SHA1
7697036a9680bf5cd3026b9c91fbcc70a75849b2

SHA256
9a2294b941161168ef789f800fb7bf3b41b2492ecf2e6546a9916c29961f283c

SHA512
e87b3c66e9b7aea704ff93821101ff26a6630539a07ed565fc98cf037fc429d92c89e92a3a498eff76e4eff8fbc49cd2be063758188f24e65bd0a3ad94453a52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
657f4eeb3020b418aeaa576b7ef3081c

SHA1
9104ed10f27e345d815f483a92c7e82a6e31d81a

SHA256
89ea357f2cba4cb5d2304d0d401ce19affb00b8e725d285a3d9d811217ce739b

SHA512
f8c72a8bebd87503c15e27ef98de96ae6d4f1dc6a72cc6ad73de286749593bb3c15a838b59e3bd6f10a94cb3da5796e08dd25ad1246626e4bb5d5a1e554a95b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
85fa7b0c9a4ed629a1bf4d48ec3e71d9

SHA1
3ec59b0256c79fc46cd8df04da08fe765ce5933c

SHA256
2f7659ad9c99cebe9ba781357c003e0ec641a4530918ea5a9a7ec86bba71e24d

SHA512
1e21ffc18699770aa5d1419ae645c187a8dc37bf678c7eff95fac23196a464d9e9386a24687ee431246e7e69089f0708703ef1233de825acee531259029d0a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1c6199b91f0d1ead0c1c734d253e2be2

SHA1
a431e5f1150d88ee251e6acf41e629133ceb0530

SHA256
6180fdd6027239e69fb35e46b9ca89cfb9529479d8a5e13849fc222c4d84821a

SHA512
137145fb2c40791151eb4e77a25fee34b036b66591427ac818aad0c0916370155496dd0336834b9cd6894d5d15e1ea74ae6d94ea184e5972ba0f6871425f8b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
775c87272da82678a990464c9ab72b1e

SHA1
0a95cc974a642733a60f5aea785dbff7552a3c87

SHA256
cacee2ba8fd508f62cb98e90515bba64f4b28e51e02bde873bb889b646e22db4

SHA512
52a3a9bd4fb9ae82bd642af019d4163202c94275cdced50b93f70425b565d8a7ed3246f64d584271d3de7038b25681473b95bcf5397a29cff78f65172d511399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0938c1303ccd951df396e5e75df3e07a

SHA1
b89b60c7379c5b3cf0f08fb28d1245f774c726d5

SHA256
0057a8a0ae69895100e4dd521307a38ca98d51eee0b8a4d970984b1c3bbee8e1

SHA512
e24e694b90bcfb8c33d655d97e5e1dc14dc558293dd2620899a6095992542ec53e05d32ad7113a835794474c44a27692b268485b65fb8cda90cf1127105fab94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
089c5ed41bfdf1545b04984e2b4ba710

SHA1
e645c353272361c91998fdf7942ec607548ee842

SHA256
e5c294c02fb39fe07afba05fe69a332f37763cd98847ebd6b1ce829401f822e3

SHA512
012e8547d85502af734f5f195f4b4eaa42337e84d9b3ac7b511d38635da3d4edf0acfeed75465dccf291eedc326fe817e319c52eead05b0ea75f244a307a2461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
60cf0eff4a0631a9d704af2e9cb0e215

SHA1
4eec287f88c4d757a15c970b7ef632920432fd5c

SHA256
cf478a9e60842a9218b7a1e97ff8b96485d7a95493a1bd6acf25e9ca9895d122

SHA512
e22a0afcec1044c0899f42d8034edacccf7f725bb597e3cb85576ec0a6a5822e37e851f60dc07f0e194f344dd51ce5e1db0e7959b29046aab934d8b8b44d0c19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
abcd3bf4be01cd1c00ca831f1c59f517

SHA1
16bdfc97d58fa581df99a7715e8e47314072861a

SHA256
6a198e33b2a5788de3fbdfd4a4638ceedde06877f30c4ff0e3152bfd4de97b56

SHA512
8d470d440aa9fcb236cb53872c9f45492bd0b865f4b4eb7def49ae63956acea21be6e365cda128cf8914848f5d5baf6c36da473cf84531b402061b84f677ab56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4dc2cd321600789d2f6f8edcbfc40962

SHA1
7dd8bdcff3c68c22c2f69cb382bb88a555a0672b

SHA256
ec143366e8433acdcc407c466a8c27d4cd5496f9a9decf2cd82fade812f5e44e

SHA512
55cb4c2a8459fd5618f9931303777b42aa86fc4054436a20a9439a30be5a3602b0fe4961a1d348757b5ec66dcc5a91fc7168fb2aff389ade7f83fb351f17d394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578993.TMP

Filesize
1KB

MD5
21cef1ca839fc5d62c7249740337547b

SHA1
65d3d375d6b6a971f4839e695dc20640b1a25cf6

SHA256
cca6812a2d314692cdba081e31799dd3e04083302c4baa73d84e78258789fcf8

SHA512
ef17abc41780ffc73ae339e11c9d771991824175b3e8b70a76ec4c8e9ae242bcfd53a6f470425dad442f5c1e2a34157c0f9b2a665342dfb54e48684f730d034d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
05d48786ca57c4cba9f45115a3bf5762

SHA1
223cdeb629ead121143b9092605e41fd0f19a6f0

SHA256
4bc72528dfcfce1ea386397bdf99462c277db1975c86a3b20b5862c2e31e24c5

SHA512
df227c42a5842e1a8a9988427430aff42e4e79f8ca1c737607f77b23d22ff5f23704fcee0184f4993583a86b0e85045a26b970abfefdc7df7b7d3185f4bbb72f

Download Submit