hxxp://fuckmeplease[.]net | Triage

Analysis

max time kernel
240s
max time network
304s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 10:01

Sharing

Report Analysis Logs

General

Target

http://fuckmeplease.net

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2296	msedge.exe
2296	msedge.exe
5016	msedge.exe
5016	msedge.exe
1372	identity_helper.exe
1372	identity_helper.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5016 wrote to memory of 1748	5016	msedge.exe	83
PID 5016 wrote to memory of 1748	5016	msedge.exe	83
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 464	5016	msedge.exe	84
PID 5016 wrote to memory of 2296	5016	msedge.exe	85
PID 5016 wrote to memory of 2296	5016	msedge.exe	85
PID 5016 wrote to memory of 3516	5016	msedge.exe	86
PID 5016 wrote to memory of 3516	5016	msedge.exe	86
PID 5016 wrote to memory of 3516	5016	msedge.exe	86
PID 5016 wrote to memory of 3516	5016	msedge.exe	86
PID 5016 wrote to memory of 3516	5016	msedge.exe	86
PID 5016 wrote to memory of 3516	5016	msedge.exe	86
PID 5016 wrote to memory of 3516	5016	msedge.exe	86
PID 5016 wrote to memory of 3516	5016	msedge.exe	86
PID 5016 wrote to memory of 3516	5016	msedge.exe	86
PID 5016 wrote to memory of 3516	5016	msedge.exe	86
PID 5016 wrote to memory of 3516	5016	msedge.exe	86
PID 5016 wrote to memory of 3516	5016	msedge.exe	86
PID 5016 wrote to memory of 3516	5016	msedge.exe	86
PID 5016 wrote to memory of 3516	5016	msedge.exe	86
PID 5016 wrote to memory of 3516	5016	msedge.exe	86
PID 5016 wrote to memory of 3516	5016	msedge.exe	86
PID 5016 wrote to memory of 3516	5016	msedge.exe	86
PID 5016 wrote to memory of 3516	5016	msedge.exe	86
PID 5016 wrote to memory of 3516	5016	msedge.exe	86
PID 5016 wrote to memory of 3516	5016	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://fuckmeplease.net
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ff9df2f46f8,0x7ff9df2f4708,0x7ff9df2f4718
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2476 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,5997733969356389935,10134735878266140788,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
69KB

MD5
52ca162cf481d77846339e477477b027

SHA1
16755e8025393ff20c589e23b4f15f6744d1946c

SHA256
98d002be1463e6167ddb91d416dab1db3517817cf2aea6330ab857404a068e37

SHA512
5fc875cfcafdb0f87f829d7fd5838004891b678306a6978587d4421325036fbb1844b448ee7715046ac41b77c8c7b3eb77e329f8962ad7fc94168bf5555da976

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
43KB

MD5
54431990db74934b907f505f7e117aab

SHA1
4c473b8d681e45b6f890c2b32dc4e3887ea00696

SHA256
e0a8d78bdb255dd8757c0e8b403e0ac706a68030d50130a121ef8fe67729a821

SHA512
50d0cb6d0b21bd37dab2a7df5b02e08a742145908863e4d71bfdda6b230b10f04e6b3991ba7b7eed9c25b9c25bdbc6ea61917953491bfac84559e59051a66dbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
51KB

MD5
6846d985ad92dd1c800b52398f09f134

SHA1
e8ee52787b5bc3d1f2b8e9bd0fd14a0ef00a9606

SHA256
fb99e7baf58caaa73ccee2bcff24ee3bbb374930c54b3fa97be3ce75d673b4bb

SHA512
500d3463cf3dd03c004c08adb56814365fc7ae6593c9b95d07628e38b8b1bc2eecabcea4e9bf3555493f1d7db6083ab01e72c6e5efad11ee41904c00266881fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
48KB

MD5
f90db415ab9bfe855f3371ac5009cefc

SHA1
5dece5ffb1dbb3fc09c6c0af2a506d96d88b2424

SHA256
0245adf5e91701d711f519079b780df3353ebaacc99414b5d4fcd24718fc38f9

SHA512
7c71ddc69c98ad632b5c60fe654d06316b6ab1966629b3c20456c5194f729b521758ecdc85aae2d98c0547c8c7abcb27c729aaa6b02b9ed1261c82002c819c47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
56KB

MD5
ec595ca932e134d2ce8c961b7d3be474

SHA1
480def0cb672926d20884e64dd2db079786e3bb4

SHA256
e4eb6fc3bd41366de4d21926f523aa203f4052c8adf732ef60c4d8caa3c2d411

SHA512
8d43e3b42f5f2771e306001dbf0c7c2bd95e0729c5c15cef225e669bc3355eab8b1ee418e46feacaf1afa9b32f6acfc3d0608bcf5b55636decdb16ed65d999f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
127KB

MD5
294d9eb553f5b5833c6b34b11502993f

SHA1
c38685aa6382078cd586e1561823148d5d3d091c

SHA256
a544b7c58fc06025c7b2b01efe063d4696c156e151b69adbd474fd3ac494f65c

SHA512
5016462740b67c93176b7a6b958c43e930b726e13ca17b1bc37f4fe64e7523b5593a7a969f3506f2a25d04e9644144b9c10db409863dba2ba72dd43f141af405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
eebfa9c51c4fbd6a8661d894c3e2d2fc

SHA1
cdc452962ec81d7ad252693c35ef16543a066348

SHA256
cb65bf5db99a200aaf6df42b0fba07fa62fdb6bbd68e89a0df42fc7c771e749e

SHA512
ed837d59059354b5202115e75af6c7ec2e35730d69c9e5783e03fabedf097069b6b8a97c083817fcee2f9eddc4f382452f2c5dcede1c3cb67272bed9a9b93f0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f27eec20cd900d1d85a083bd3dc071e1

SHA1
975868841eeffcca213896b00dac78ad12b050d1

SHA256
93269f50334596448423647eca54153a76493abb0037e3440e4de13a5deb2624

SHA512
a5be5f24c86b124bcff9534accfd65c3254549842bf09190437aa76b0e83fbd310abc3f8e91bf86fe9890e076131eaf6e756858d9c0c2267dd799c667c6720b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\004\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
159898f6c7b2dc4bb1a561220d2efbf8

SHA1
bcdba6a45d7071e5f994ce2b10b6d89ab85bfa80

SHA256
362461887c5b03f8e74c58836ccfb3fab87550f5b56337d33fe4638c56cbff57

SHA512
db0bd941a7f8dd955d8cb5f1ffdc6d25e2934f08faa3547763ff42f12bd584ea927e83f18cb0b9cd12893027b2f8361287401a2823b1688bc432f80168d67334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7a32ada4f9475491234cf4f30005c3a1

SHA1
64fdb4b0f8e37bfab3e799fc24855ba4936dc2e5

SHA256
387904980f48f82edf6466361b8e9cb1dbcfcd7bc0f9fc7939d53cf72e0eaf65

SHA512
b807faf048f82db6ba052ec28740bd73d12273df80333bfac3ee10e037e581713b8968a401913f3009b6fb861de417600f0e0c8b9eb8f596aaddbc5bedad1ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9931a99cb41de430d0a2674f177ddfbe

SHA1
7d9e07b33d7f87bff228e0e79540cec77e0a9b06

SHA256
0b2eaa6241d6bb6bc893b8b0bc71b4ee3af7dc3758d6c1927bf6cf78e0a8e563

SHA512
6a30e5f8eae55e5651fd4ebd544c4c06c96ec3fa1344e75970a3ce8edaf74fa8bf3e6bd6072deebb24e3eff293baf1ace29e620b8f021ad68a5a8cf6c92decd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5ed221d4e48c861745b5fdcc79431b37

SHA1
62e7d8b5af60fee2097684359730cd42a3edadb5

SHA256
682bca6e7f1c69c8b4ab08b110b98dfb42d53f90b3e2327309ec52749d2a8acc

SHA512
f7962bf6714c2c67b23c57d126078afff18b374cbf176a3c49f1801adeaee90eaba7550cad27a3f4bc04960a96f8d39a459d2ae5db03815172d6615617050ae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b092c57dba97eca2965c0d419345247c

SHA1
0c3f2311d4ad1c2739dbef34f890852b9eb090bd

SHA256
676beb563c13ca3adadca9497ea67e3ccf088029243a4f2917cc274cd5810beb

SHA512
cf572c04dedbbf365d176c10c7e317cc44727ce5616fb8d11a5b799e1e66dfbbba99ad546aa95081ffb5db4c2d646c01d59b9f1a808d66363d1bce107d15836d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
941cb454d84d1f76626af57a21c78833

SHA1
9b5db596347a251ef7e9334a743a0d298346b108

SHA256
c9bd012e435f9fcfce007092c248c22fd924638d39c9f500742fc0f7a3420f8b

SHA512
da498b69ca227f1821e66d89ff2af023b72738e47c78740758e61d3d9430318c2fc89c36cabdf09af82c1d842384fe44747926e0d65d3013a7bd1e60b456fcff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
72d2a2a26dc84816297b2ed0b0173b1e

SHA1
9334b945895b8167459191323ede18dfda2f9de5

SHA256
e7614a38e3911f1b21d2caa8051400752add1cedaac06c12d63147c94ae2b362

SHA512
8d2dc9554be33886753f4b88b2f26edb28a2d0bae41a5027ab6e8ce312c6e14e2f09eba21f9a9169ce2cbb3ad89c71f66f627eda45da86b29e3668d6e18fc800

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
c11b1ead8e549f11d888854ac08208da

SHA1
3ac4bfc886ddf8e7ea71fff5d114878d5d6e0fe0

SHA256
10b0c52ba4030532aa37dbb1f9e2256abdaa1e3ff35bdff3dbd6887091ac239e

SHA512
f15af5797141d83d73afade0875c394caab1087e658f9f4301efb47cff41d98a95e7587b360d899e23eb9e720e1dfc2ff87d6832d9aa897cfa828c422b707459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
979cc906ca8389a6c239cf44ebca01ad

SHA1
c959e01637984e06678a00959e1b48854e4cafc7

SHA256
7a388dbf572d2d9b20ef808bac92ff5d395b08e00a42974f7c9fd79d5435b8ab

SHA512
d83febaefb4392d654a18c2d5fdb19d2f0fbf0b296fa7ffcbe31bc973526cce14cd3f0e8eca32728859ae12604527dc8c484d7f02eba49f75995e4c623f865e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3c651d2092e6da2e8ed9d38be103909d

SHA1
39ddf2d958d94c423a39b4235726766b4e3954a9

SHA256
54e228016b859908818d471880b1778705951c009ca1dc10e3e43030eb65c18a

SHA512
70652ee27608aa72f29f893f4f7af6bca6b5ddc47b90b0438c30135b14d00cadf7d2daf2ba9e24c8443e307a49c2b8ffa27cc4b90766d730041936d683a4c631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
4c779df0ba5380b170c785d2ec36a792

SHA1
e36a2740df011468a9befe21a68d1eb198f78446

SHA256
a99eaf8a4927d18ea62523579e6addb17946071df6588f93ce59c30e2319f001

SHA512
c6b60d3f3bec9476ad5bf9b59322b974ed21fcaabfb1aee76ebbec1a4dae94635c5c6cf6fafd4c6ed81120cdbf4b8205e6b436c96ba6ad9f288d4c599ae86565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
c6feab0d1a753f5de576806054cba359

SHA1
51d64f71ba4bacce09aa51bafdfe6ff659043bde

SHA256
83f287e8f363f0ecc0c5fd2e762e6f27e3c360b4ceb86fde615dfac6e5d9a8e0

SHA512
c00b77e7edbbdd35e6f9a0c884257d42017a0cf65aa9981b001f728788712e862b6b83f1ac4e902ceb26bdddf205ca49078b14e4fd0316ac772d9c53d37b6d99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3f5727cc295e77399fb40601c7184e67

SHA1
8401b42797a2ea9fbd58633372f06c1daf179ef3

SHA256
770902c8ac90c6c318badb0d009e9dba3fc5de067ef5a6b01156c9cfd2529138

SHA512
93b308454e89a4ea3fef79626bbc0d7a1ef3cc3ba38f6f6e976251c3c7538e3f6084eda2b415500e2bd85412ffdb1222382bda3dbecc15e64927febc18287c8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
494373f4c40d161dc4e25fc175cd80d0

SHA1
e728c295c0444c10e891beccfc48ba8e73cf8f36

SHA256
7868f6abf9e54d786708ffd5a829c90fa2c58528369bcacd69cf1bfc3bfc24c1

SHA512
1bdfcec6a641d2a3a02c5107d0edb9fa1ee0f1698a2a74688c5f9287515b9a54e38ecce966b7c0f3738062a110c5533aa59d38cb2f6b730f255f5a21eb3418de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b60033ee4bc5e53683db6e8e4651d020

SHA1
863097724cca2b96acc6a2d836f9cfd20e27cd77

SHA256
e3f7877eb3d0790e1076cd187d63c20f0dc85ce49e8f90b87e614e809215f528

SHA512
41501594c6327037e7f1dc22ebae0f26f3d7b9175402750d0b217ea1602619de3fb7a9c5a1963027f56fb9e5db99fefb13e4e7efbcef72b8d3d3f781d9ac85e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
afc1254f2c6085b9276920cac4080a98

SHA1
c385ceacc607c752a9dd432ee252d7cadd2dcdd7

SHA256
2469df8aa5717e94e44d350c919decf40f39bff362b61715fda6096fa8b5933d

SHA512
4e5ab94a101bfa92885cb782415623a89cff6e89383e2f7c833ec6a67d52113a30981be3d313c1e140ddbd86974c0b963aa9535dede6cf9753943bf3dadd9f2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0ab7636c12b7e76d84bb2b61747c665d

SHA1
711e8a4c5cc441469c1998f23c6f64fc15916310

SHA256
62dcf03ac5a6fd125e0a3d3bd777e6fd78d242be9ee5e185d0d5be939950f76a

SHA512
1a43fbf4a5455095093b85e48e1e7573e83460bed927d35ec5b184adb15254b8621963da1533913ba91dffa1cdc6a0c3a928ee60420a5946c44761b6e6c51214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8e58d9ef1b4c09ef1742864427f99ce8

SHA1
5acd9fcfbf79c0b10461826323ab337f7c2ee68f

SHA256
419e8344c9d5a262aa763e5b5315a427fec2c65020060a88e8578eb8bf081075

SHA512
3e9f88f205fda633711338f8e620a23cdc5df37926d0fdb484a3302918d1a409fbabfc16f08056b201a5c33331657ef7954a65a5b4f78c3eb00496458fcd9050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5831b9.TMP

Filesize
540B

MD5
ff32abcdc327a751c6d2c7fc27bacd76

SHA1
38a4fdc279e1e8449cd47e7dff1927c35dc9a5a8

SHA256
ba2cd3bb1e15c2e0912a7a06f9b0f4f3c60201e6161f91919092092d33a941bf

SHA512
ac1d9f91123d38ec23d0e68e021a7eb244e403979f6d2c664ad09c7764803f869cf797961f91e6a79a8380cce09f31fe7e4a1c9c291b1f590cdef436b7a10106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e9ebd0d387fbe92d3cb0d1f36f41c67d

SHA1
1a60125a6f2e1c9360a4653c51110043abb07bd7

SHA256
6628a66d7ca280c76d439af0e21478e3a11f263133bebfaa102d40a254c61c70

SHA512
0b4931e3c4baefa0879453b6f8d11d2ac61dc68066566efee6ae3af8e97ce6f920fa5660524f90ab7898a01a438f7e6feb5e0ad445b87bcb67114db2f136ba3c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit