hxxp://leaderamp[.]com

Analysis

max time kernel
960s
max time network
964s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/09/2024, 15:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://leaderamp.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
3164	msedge.exe
3164	msedge.exe
2476	identity_helper.exe
2476	identity_helper.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3164 wrote to memory of 1800	3164	msedge.exe	83
PID 3164 wrote to memory of 1800	3164	msedge.exe	83
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 2604	3164	msedge.exe	84
PID 3164 wrote to memory of 1508	3164	msedge.exe	85
PID 3164 wrote to memory of 1508	3164	msedge.exe	85
PID 3164 wrote to memory of 4352	3164	msedge.exe	86
PID 3164 wrote to memory of 4352	3164	msedge.exe	86
PID 3164 wrote to memory of 4352	3164	msedge.exe	86
PID 3164 wrote to memory of 4352	3164	msedge.exe	86
PID 3164 wrote to memory of 4352	3164	msedge.exe	86
PID 3164 wrote to memory of 4352	3164	msedge.exe	86
PID 3164 wrote to memory of 4352	3164	msedge.exe	86
PID 3164 wrote to memory of 4352	3164	msedge.exe	86
PID 3164 wrote to memory of 4352	3164	msedge.exe	86
PID 3164 wrote to memory of 4352	3164	msedge.exe	86
PID 3164 wrote to memory of 4352	3164	msedge.exe	86
PID 3164 wrote to memory of 4352	3164	msedge.exe	86
PID 3164 wrote to memory of 4352	3164	msedge.exe	86
PID 3164 wrote to memory of 4352	3164	msedge.exe	86
PID 3164 wrote to memory of 4352	3164	msedge.exe	86
PID 3164 wrote to memory of 4352	3164	msedge.exe	86
PID 3164 wrote to memory of 4352	3164	msedge.exe	86
PID 3164 wrote to memory of 4352	3164	msedge.exe	86
PID 3164 wrote to memory of 4352	3164	msedge.exe	86
PID 3164 wrote to memory of 4352	3164	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://leaderamp.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab34b46f8,0x7ffab34b4708,0x7ffab34b4718
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 /prefetch:8
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2428 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1440 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1292 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2804 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6124 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16101325982453206721,11698633455706550223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:4236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
118KB

MD5
c8be6b0fcc1d30d840a950c07b735b35

SHA1
f133471a97f8ae12696e80c976ff6d3ed33fd79a

SHA256
e838d070236750c4497f13eed997925ad2791fb1c20c7e016655e40cba158ff3

SHA512
1a54004bc003565e9e6ebdf00aa02a0ab91042c103f5f33077060511dc2236630242b86bb6a634dccbf27ed5d643ddd5dc50e5479fd2a3c4fb530372f43c41b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
18KB

MD5
a2fe91ab23cbb55a99998f3677404b64

SHA1
3d07dd25e08da8a5dd6ff5076247c0dbc75416c4

SHA256
0d5e2d0e56c52206a190caf55fb9644cd18c14cfbdd055c7d79d5d1ac3e017c4

SHA512
9a2108c611830bb03a83a5eb5178e6a427b3957bf729c9cb6abd009122bc7b53e0bf7e552029fb9f1ccd6536687fe9497e69eba0acaafc94e7f4967ff2309744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
91KB

MD5
eac0b0bf558891c46b48bd4aac2ec592

SHA1
e501d5626dc4873004c95ef69d796b72fc1be83e

SHA256
a02ab0c8152edadd171dcb9c4335167baa70d2f90efc3aa6e4356da7efcd615c

SHA512
65cfd34a0cbb059b638221f5a8a9ac03ef2d3122efd6be5c2e29104f254d9c55a717029362d2c17b129ac66880b0e23c32a7e90ca195a9d3ef6ba765352dda95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
19KB

MD5
39aababd86f4bd0ebdd34b5af5914307

SHA1
69652f501fa4aaebbd0fdacf1697e89e062e2757

SHA256
9cedde16ee37cb20efd9661b3cbd7693327ee027f82e7615532fdc4ac53f8240

SHA512
8b6ee227b7896719dea7291d5aecca750faa8195bf4f1ea2c6936ab24306891a85efe9cb53e9d2980b4f90cdee114a6f05716d4f2d1c998dd628e11fc9f670c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
42KB

MD5
78e2490aa3604f4189e99c7e2950adff

SHA1
1639eeb7d33dfa0e0a6fe103847e4fb2b991299c

SHA256
da1f8f7d11b465881412f9f09534ddcbcbd7247ec01ddba7cb6a5ca1039aef82

SHA512
ddbd4fb8457fdbfd821badc89f584bae32bdeab88bbf1ca472e75f06f9c72b2c14363df950212ea60836180fce1d578547218ff824e5f278f77fec06d5af4d04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
69KB

MD5
74ee1339bd612bd980c827b7bb1f9042

SHA1
9457e58e05d38d2e4711536c90f36ab1af672dd2

SHA256
34b31755ad736c1a3c6eeea737e1da2be00162744ddd2c0af7b08b97aeee49a8

SHA512
08db152849fe1f344c690634feb5d0b9a706dd04c6ac4527c5f94a8e88fc5033722a12f1f4be592c3271dbdb7478e2a9306404f2a9a32caf0981abc8dc814079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
62KB

MD5
1aa696805672fd484eff653ce10238ac

SHA1
5f574dccc5182a5663cbf49099419608ab9e2b27

SHA256
3d3e7ca94040cc62ac426f649c072520687237f17b3683ef425778b4c22a2c4e

SHA512
e3b3b2b2129cd8a0cc485822f6365822ca77f185794cb4e56bc8c2e7f200528c0ce671dbc2f29501f56ee54dd4049145dd8089dba237be845d461d3a46910b46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
151KB

MD5
4bf7aa4496541c05c4ecb8dc08bc3762

SHA1
b124accd9dc46885a4b39519e30b43db54de5fe1

SHA256
726d84cb9825503e7b91de4acdd4017a8a1518f305187dc70b734b98e158b441

SHA512
6089d43ca4e04724d3dfff4c39ed01330d92b7a36a5528f9896ee3f340aca4b980acc72d6cbe7141181b93d0c5751bcd82e81e4f0a0ad130d93e95321df1d9d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
243KB

MD5
d660ec2a592709b1315c2a2e66715417

SHA1
1c78423e559952526726c1f9303de3acbb8a8436

SHA256
b22f0d11b0a5eb1488f14a9e3d3a30603277e3e802913348bcb1b1bd76f042ee

SHA512
b8acd6f19b13f1ad5e43e7d1876b0ce78c3cb272b5337cea0931785ba326c61f0befeb9e10141b4ad7fe7b115a8ba45fa631df45495e6ef6a347ee448e51dae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
384KB

MD5
d6da9ef08044e65d97d0e89e17325c5a

SHA1
f07e48f75d02961becdcc54f4283a801367643f0

SHA256
57116dbcb3145e0ee94cbfd07351ae37328fbfc904a92ebd7e47991906733bac

SHA512
202e28ed72d97d59799e1cb7a618d9bdb39fc8eb32c7b628976882952c6bdc2cded0416e4c639b10249f238f2f276f0f606853d70af05d8ac86ba4bb956069d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
17KB

MD5
923d34c71ac0f831784c0eab403fd864

SHA1
e5ceb24ced53580ebfc8aa6a1515e68d4aaec361

SHA256
4a2032eeebe57970058c123147662ed2caac9e1ae6f1446b7774281b75b21c6e

SHA512
7e08c75876596f2b22add6b458f2b9472b58878fc0b5a6b4ce3a7d8e3001b0ed4a78802f96d0ef3b899fe477774c956ba2b5147e67ac4d78d823649091c301da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
18KB

MD5
a37e022ac12aec4bc926fde2bee6a61d

SHA1
608024dfe0a5fa3172bd189a817fd9f36ca9510b

SHA256
f91ba29dd67fc6b144aa1c08b56e987ea8accf55478f204d4d20106f519e4bca

SHA512
c4ccc8246b384b3fea1eaadb67c3972095879635f201cad1098b0068c33d903f1c01517399cb535d98c58ec0cd839fba00497bcad6163184519358831b910620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
18KB

MD5
a8a34b3041da4252fda6cf2135265d6f

SHA1
81ffe39de82024d2607ca47cc5b637b14a3e89e6

SHA256
3ce435d7bba65ebd791d14fa212d1910935bbd04c92905df3b5659c98bbb1ba4

SHA512
d9207fb10076c58424a86748e69ec5ae878024709ced9e0fd6c156320b8dbb7b57a75515b73abd5f04cd26209edf8b009d4a93bbb4a29361beb5b6047f5b32e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
17KB

MD5
9f53c45176aff1889a00f9c32bf0cdd8

SHA1
1d719839aac8e7519ebba854b45da5adc3ec8266

SHA256
01c83d0129d0878515598c137c178de3a041a787cf8d41b39b86a3d1ccaf1804

SHA512
25989124a9e7822a5421192e0e2d4e8b13582ec50e53e9a21a34afc4a0745075cd51618f6742f6433684283428289d016fa76f43ba006d17ec3a795da7e309c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
18KB

MD5
22629951f7aad507cab10006aca4c48c

SHA1
3f1eead8ba3e115d2b625e3a48e531bda6289e9f

SHA256
e8e54a6248422163c90de3235ebb4ef2958133bdfe9be1f77fed7b94bae96103

SHA512
1f2ab0dcd343b2e51a6afb70a6bb196aac656e83f587cea3d8bf01efccbc1d17263d5dfea64c206c8be9660d7faeb0539c8fb13be21e01cdf9609e4c0610d7de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
20KB

MD5
b50addcbce7e30c8c2b6e8be275dc8ac

SHA1
e02b2a3e964bb97907c0c2ac1b0fb564a086f24c

SHA256
3de75783d6bb8b6712ef18025c9fd64c6fcf94707da5e8249ea05203de3f6c9c

SHA512
22b4fab926d0e93b10b1db5fd9e293c6fd4f275a1abc91e616d888d983a57e814374ab15d947b1b80c40d314c49962fe56d5a59e586188e42bc16af0e2e4bff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
41KB

MD5
fe0d53a94823df972dbf107bf190771a

SHA1
0ae461e408323c0dd10c6ccfb0a673c6d0a173bf

SHA256
8cb58343dcef08e359f0abd73b1218780ca7ea4eab16f2d9d43ffc272ad91206

SHA512
9064a6a419aef88a9d5f8f8984e7c221df1839e05f2c33a037891acfbcef6e2fe4761509eae72811c0af6993e11954c90c33d37723a3b353bf478bf03c3f4e43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
415b59cac6172d6b4a0f581fdad5a236

SHA1
e2b7faaa0f3c7a43f32ecbd73d40f1aa6a4441b2

SHA256
e8f4885cd23c1b069c69449ae571d965fa88633f1a859d86c00e525335e71585

SHA512
e269b9ceb2adcd4047bb464b06f144c9045960819aaa9349d480caccca297c7f172619e62e107bcb3b96ba1ecc4b6bb6cc44a2f28808d676c1847a47764dc0d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
d00cb0b060c0067ec3f58b89cf4d8577

SHA1
6dbb1b3ab1599108e624308cc5abfd312aa81904

SHA256
1c4cf9b4365771e80185a5a94facf410a588be46c92a741d9fb42723f6cca552

SHA512
4134c5a2c5a0ca0b7a7c0163dd524e17a3a13c5876a7f65de0b293d8fe9dd669139642e75f71ff9db46bcf0754ac0f71175144a1920acbe76aa5e85b3459524f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c61d25f226bfea8e715c0586610029ee

SHA1
51cfce231f403c05b2a16aa467147335b3ccb1fa

SHA256
543ee741ae9dcfba3cba257563dbadc1eaf91ba2ace2408f0b1e0494a85307b1

SHA512
69257de74118cfad2d864ce65e76ef8badec0fd291e0a62f89c15a40bc4e5b7ea1244b4352092e2ad6489807566fdbc36b3ed1264994653043416bef4fad5a25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
462bf36aede0df4fcfaf32e3b31e8da4

SHA1
0888c9c5e64a46abc910cbee78cbedca24ebafa2

SHA256
2734ac0150269200b5a48586ccb8d83b2f8b59b076488b92cd5dff925be41f3e

SHA512
5d3dcacb92ab75dd40abbb6f2362aad932a991e6e8fac8f98d85cd27bc04aa29331b5a4051c48f9bf2f0865145c3637b7e04b2a84814585a314f9ff59f1a327c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
a5207887daba85d33dca9a02e949cc64

SHA1
c96965d0359a5795d8902c395924afca660777a2

SHA256
5864833666bb6a4af593583a74527a4490413a8d2c4f1428bda870105d00b6bc

SHA512
38a06e15ad0a4ccfcdf307bcf352408a8a2f995e42a73705f7b805816f849d61a85f1fdf7edad50dbe80896f0d3b938403b2882f870de4385e280a9f05086460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
896c6cd8b54cb12cd0444115ee200385

SHA1
bd8c704a0e0eeb775f749ce14cc647e3af2df6fd

SHA256
06acc059187a213e14cd09de8ef380e17b01aa5b5ae1ec5143045ab87c6f3ea4

SHA512
c416ec8d4fe94fabd0b83b31d547ed8b1b19615d5686a88318eeda3dfaf9d5099ec4017bd6de55848313fe01c490a9aab5f52fa1169d0a850f3907f67639b017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
8c41e498252ea316ab6f066659e151aa

SHA1
fc7c42679215b744fd8dd3c4731173f4480156e3

SHA256
223b7ee1270d10ca16d9d56d8620fef34e451ea2438880788aba51ea3ef70676

SHA512
0c05091cf6c4fd74818751ede76d41da8e69fd29bedab0683591517ce791c3735688214a382a9c274b4cf147b2adaa56647a5963de94d3eb6fcd8eb144e7ee60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9fbf96f00fd36610f5d4eb6f3a68986c

SHA1
af7452529b5293324fb009146fb878f41c23eff0

SHA256
ad31566b70a7d06b89d4fd911e844f6c36936cbb6e12c9eedcf9c6a00ffb403c

SHA512
c05a919da1e4f2cbf47074b3059c51ea6cd7eb263452da6508f42c6a2ad54397365dc2d5dcb320c1ed620f9961eb23881b99241997a908a24706344577fbb21f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8ea41005a4b358b80c72463383c888fd

SHA1
71bdcb2783a2706a417b882f332306b1eeec2693

SHA256
048b4d3bdc1421b238f513770af9f2a9e952de2b6da8b215946bf80d88228401

SHA512
fb3edabc9e35e88c696184daa2f66b81cb5904ff5b6ab3d2c3340658fb148eca470108e259a3071e1f86da05b5af3d7be75928c298258ac87976755170bbc154

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3471697aa167cd10c933381cad822944

SHA1
4292766c8bd684fa0c223bd2ec90a7ed529aecc4

SHA256
6931f3a6abbd837e1c2f0752aaad031a3913ebd5e630232dd42fa93e5c716cef

SHA512
cb349f0379ec3e401146c87c8c2e615a6c92853f7c6a66a90d212e89b86bed6927bcc0c978a44442c9072ff209851dab2f3b6a2caf16da1730dbed94add46df4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a9f5612381debfe6d3f903646c15f274

SHA1
e89444110721d2164908c9213cf8f3ba10ec2cbd

SHA256
e423f287c748e997710da1f9ef6ecf2a8aceb12308048d1f96c972f402870ea5

SHA512
e972cbd34e3c5c2500746e248d361c06612b7966923c3a4214b56237653f3d32ded64f52bfc5cee72d95388a3d29caeb77d03cf91b4199d9c21ff437190e43d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9e581ceb02bc17f605e4a01d2c6671ff

SHA1
41332241acf14bab412ca7fdc4541acf2a50c052

SHA256
e3792ff3785ec04352dd8c483d4fba5480f17a01652b89ec1a23f0b8a2925a79

SHA512
be493c26c37e8fed8c7535fdc96066a9f838cead1d8e8dd1a0a717373c1645caac79944e947f15b07c74e2aaa8b1d5135d962ed5431a0bca8477fc8fce81c35b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
17f6e78cc15109127001faaeb1f97fbc

SHA1
000ef6283b8d99da9ffc98e0d22b5a706096cbba

SHA256
1ee36d82842a8eef9c80b3a6870c9a8b34ac9fc1caf25773272f15eea54d3c89

SHA512
07317f326638fe0ef6b379923d8583012320f9fc417d58dceaa6b55b7dff4d4136155ee6f44b456620dfbbf6e12b80b3635639da86d26bb4d7b14bd4e4f44b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c51fcc40cf5b0440d3f3e92db2ae9570

SHA1
1450edf26ab4cc1097dbf43d6ada90b423f37624

SHA256
8f301c51ac92a89d8717ba919fcc5e81e4119912d108971483b89815fa5f3384

SHA512
baf9cc64d8cd3d0380c3f291dae830ce459a2b62bcd032757643cc37640e1bfe597a4d2ac4f3ef723e6c6cb41c6774c5a471767786ca01a5e4cc21e0fd6d7b39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e13b7ce38b7f9e194d471558640ca0be

SHA1
14248d693e143c3a55fae36df112a7fd82f59e7c

SHA256
ebf3720e1743448ef44840ae0cb2609b255b0e42cf67433c8482a69065a02538

SHA512
bd86c27a20eeb38fed60932e8f3fd470d194e29caadd6bf1881403874f41453daccf565fd192e9064f5a5038b03c9dfb274cd1a73e50f81b9c36461a45642024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
17505568d61086211cbddfe94f1af0cf

SHA1
bc69fd38598543bb35a929f25ae4638e0f7e1f06

SHA256
a9a4e04b3dd127fcda8e34575fd31abccb7525c273208e2d6feffdce79443c48

SHA512
e601bcf494b45e2b6e6d79d9bc6db78fb69d27e36023bd1a21fe59264f8acaf13ab7aede8fc0cd6a6a515b366367574a5f91b6b8b8066c549ad2da7c73f93d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
af37d8c0c798764298f08a151f3984c5

SHA1
6bf48f18d8fab9c46728828f192a57ad73df65d9

SHA256
6bea95edc8b7ae12bbdbe56ce0f0f977d791caf14d5984c308d98a5c72b92a18

SHA512
e94e73e140168046cb0ae581bb9b98101514c33f0d1cc9ede0f4c38b576f8db883a43f4e959c98e0b316a034de015a4db36964155af9d56fd9f78caff68c0517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1d2316574a9d1fbb9ef737acad2509d5

SHA1
b623a811aba0772ec1661fc301bbcb7d7abaef1d

SHA256
1ac5d8813f7cae4ee62e4e2bafb84b220e0429ae33e205e78ef703a1f6ba30c4

SHA512
75a50397884b0a5d8824cbaa245b13183a8ffbff138fa63136fcf806650533d3fd095df4c748b1684278f13a00294b782cfacf811545dfd557fe7cf2d84722ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
47687884742371f1b27623c683f0430c

SHA1
ce2122360c7d909bd04ab45dfe8f7d130ad8a757

SHA256
bc0f1beda5872e72e30773732ce08b8861de76eafea36787492daaa9b6321841

SHA512
d5acef238f038c80d3a296c02a446a2141f42f4d748ca8bde889b5c2b96237c54646ab68b74f75058c415d7140fd57be5373c40b8cd860a5e6b4a5ba91c60969

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
4f72009f26586410db077fd9be9269cf

SHA1
1f83d5126f81a883c869a250686961fe172b4caa

SHA256
fb3850ceea5772b6c133953bdc706714ea2df278d6139313d09cd1373bdfb05b

SHA512
fec581e7eb266656e910a7568419f930cb8b86bf58e9f6630305685cb9a195e6121847ad38d85d20e33f3623f3107f691edacfa61c0ec7e70b31f003e0c7fa84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
3a624e09761c73bceab95df9142b22d4

SHA1
bc8a9e98da044070f094b0bc138117cae58346b7

SHA256
06b0e3eed10d41c5ee451652e4239b737b080a9f24b795c32152b4facfa422cc

SHA512
e759d8bdcb8bd39aec50e263daa9aa2e37c3e74d0634e21c0c9c1596094ed257ac2e38afcf80baca182e733de17efd1c43a6bd678caac42a043e36d051524ae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6d75e0d43b1850876cb8b86b7ba210b3

SHA1
1430e1bb514c74e9025ee53745f525d86345f003

SHA256
1dcb418b1406c87cacad2cf0100ec0521ac14861e4bf8cd657b92a43d62286e6

SHA512
3a0ad9362cce34c102cf46b92f595a264a673d214e2695a8b06e4947ca8be94cb456f9ad3c99a29110ab0d09189a7f0126211a51c15aea739a5cff5bda9f34ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58600d.TMP

Filesize
371B

MD5
489d0f5f81d5056bc79ba3fa29eac4cc

SHA1
aae37961c2bc422cfbac7dc22041f26d818332d6

SHA256
2346edc7ab305c82f77b80c4de43e5948428392c7e8ec116c36d1e21da20649f

SHA512
8fd0e518fb6a05299dc8a3fdc19483669711484338064495e937a1255e198c250ff6c8883ef62cd4253d8ba79d3de6fbd6b7c2f01c4c98bab94695bd8e342b92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
32f15ce0d4a5731d9b9bf995034d65a3

SHA1
3a4c6f57f85a3c5258a70633d46d8c10ac406a92

SHA256
6ea281c00c788446d695bff56ffdc51ef9c9987d0707f5afbf131a5345ebdc85

SHA512
c212309c1d8ecbbb479f3741d0b86ac4c814c1c21432ac2b5294ed7abcc1edf3e5ad86b1faa22350da4fc39f149a4b7b0a8c52ddba627f4b053f2ae49d438d04

Download Submit