hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqbnJCVDEzbGZCc0RNRDg4U0liWUhoRkhaeTd4UXxBQ3Jtc0trRXBQNWNCQnlYSEhMVEpmWGtmU0lFanVQbWJoOVZKckZaVnVpNndCUVMtZmQxa25jcTVhTUVOSkFvQm1LSVlncUNKNGhtMGo0dGhOelg4T050TEE5Qlh0ZllWS0dEcll3X3ZQNnFvNndod0RhS2xvNA&q=https%3A%2F%2Fpastebin[.]com%2FVHnxgyBQ&v=FPJDE0Jgdio

Resubmissions

23/02/2024, 06:43

240223-hhcdlsch7t 6

23/02/2024, 06:40

240223-hfmrkach4y 6

23/02/2024, 06:35

240223-hcc3yscg9s 6

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23/02/2024, 06:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbnJCVDEzbGZCc0RNRDg4U0liWUhoRkhaeTd4UXxBQ3Jtc0trRXBQNWNCQnlYSEhMVEpmWGtmU0lFanVQbWJoOVZKckZaVnVpNndCUVMtZmQxa25jcTVhTUVOSkFvQm1LSVlncUNKNGhtMGo0dGhOelg4T050TEE5Qlh0ZllWS0dEcll3X3ZQNnFvNndod0RhS2xvNA&q=https%3A%2F%2Fpastebin.com%2FVHnxgyBQ&v=FPJDE0Jgdio

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
49	pastebin.com
50	pastebin.com
48	pastebin.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3316742141-2240921845-2885234760-1000\{58EBAA2F-9093-4053-826C-00821C45AA16}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2276	msedge.exe
2276	msedge.exe
3692	msedge.exe
3692	msedge.exe
3084	identity_helper.exe
3084	identity_helper.exe
688	msedge.exe
688	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3692 wrote to memory of 1604	3692	msedge.exe	82
PID 3692 wrote to memory of 1604	3692	msedge.exe	82
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 4472	3692	msedge.exe	89
PID 3692 wrote to memory of 2276	3692	msedge.exe	87
PID 3692 wrote to memory of 2276	3692	msedge.exe	87
PID 3692 wrote to memory of 4564	3692	msedge.exe	88
PID 3692 wrote to memory of 4564	3692	msedge.exe	88
PID 3692 wrote to memory of 4564	3692	msedge.exe	88
PID 3692 wrote to memory of 4564	3692	msedge.exe	88
PID 3692 wrote to memory of 4564	3692	msedge.exe	88
PID 3692 wrote to memory of 4564	3692	msedge.exe	88
PID 3692 wrote to memory of 4564	3692	msedge.exe	88
PID 3692 wrote to memory of 4564	3692	msedge.exe	88
PID 3692 wrote to memory of 4564	3692	msedge.exe	88
PID 3692 wrote to memory of 4564	3692	msedge.exe	88
PID 3692 wrote to memory of 4564	3692	msedge.exe	88
PID 3692 wrote to memory of 4564	3692	msedge.exe	88
PID 3692 wrote to memory of 4564	3692	msedge.exe	88
PID 3692 wrote to memory of 4564	3692	msedge.exe	88
PID 3692 wrote to memory of 4564	3692	msedge.exe	88
PID 3692 wrote to memory of 4564	3692	msedge.exe	88
PID 3692 wrote to memory of 4564	3692	msedge.exe	88
PID 3692 wrote to memory of 4564	3692	msedge.exe	88
PID 3692 wrote to memory of 4564	3692	msedge.exe	88
PID 3692 wrote to memory of 4564	3692	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbnJCVDEzbGZCc0RNRDg4U0liWUhoRkhaeTd4UXxBQ3Jtc0trRXBQNWNCQnlYSEhMVEpmWGtmU0lFanVQbWJoOVZKckZaVnVpNndCUVMtZmQxa25jcTVhTUVOSkFvQm1LSVlncUNKNGhtMGo0dGhOelg4T050TEE5Qlh0ZllWS0dEcll3X3ZQNnFvNndod0RhS2xvNA&q=https%3A%2F%2Fpastebin.com%2FVHnxgyBQ&v=FPJDE0Jgdio
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf38546f8,0x7ffcf3854708,0x7ffcf3854718
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3488 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6096 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3164 /prefetch:8
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6860 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,15036433302599050347,13804059235687442681,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6900 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1af9fbc1d4655baf2df9e8948103d616

SHA1
c58d5c208d0d5aab5b6979b64102b0086799b0bf

SHA256
e83daa7b2af963dbb884d82919710164e2337f0f9f5e5c56ee4b7129d160c135

SHA512
714d0ff527a8a24ec5d32a0a2b74e402ee933ea86e42d3e2fb5615c8345e6c09aa1c2ddf2dea53d71c5a666483a3b494b894326fea0cc1d8a06d3b32ec9397d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aa6f46176fbc19ccf3e361dc1135ece0

SHA1
cb1f8c693b88331e9513b77efe47be9e43c43b12

SHA256
2f5ba493c7c4192e9310cea3a96cfec4fd14c6285af6e3659627ab177e560819

SHA512
5d26fdffebeb1eb5adde9f7da19fe7069e364d3f68670013cb0cc3e2b40bf1fbcb9bdebbfe999747caf141c88ccd53bd4acf2074283e4bde46b8c28fbae296f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
129KB

MD5
f09a1c37ba540ee899cc8ffbc8105c07

SHA1
593abef763558c1caa034dc0cae9da4191a95499

SHA256
30dec630e203df906205d2b6e803ad069e5f1348d560a434eaf256c5de6e2433

SHA512
134d742f32b482d8844d247dbfb8dda7cf4e21f6ff8e86207c1a6e6e0aa63a56377672f6f0ae97b070d43e4f2099543b070018beebb20aac28ac067c62d27588

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
62KB

MD5
bd7413700347d61e76c331f09e872ad0

SHA1
edcf8c0e570d8f6dd4251bd68a2800d4dfce4235

SHA256
0ea7fbc16f020a826084718b4a536bc6b5d0a8315687b2833f64294d833f25a7

SHA512
90028946c4504663bddcd07afd11ac964b4d34cd63d090f4d1dc2d4ce34ef540efeb6a9f7412dd4a9e5691718fa0927e0f3c52a2d1a5a9e4512e19071a9532ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
31KB

MD5
13cfa53cd77baa3cd8f46b2649ce0a06

SHA1
dbdbfe23ab336a3a5ca28bfca16197624b85955f

SHA256
a2306ee57d806468b732988af50f9c991e0b8d005283339b8c24130a455df109

SHA512
80a07ac13f9b730b90bd81565fd611be03eab85c407819f800772f136ed4b35eb2bb1c56841b2b3ba63236c91d98137138e0f149214216d5af84beaef0f42ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
263KB

MD5
3e4a0ce60ef774a371322c5c67243ae1

SHA1
072cafc1b7d5bdf3f27751d3abb6e868271476bb

SHA256
2b5ab4aa62e03347e8b37460ccf322a4d08f697d04a191a7812d9c7ad59c53b0

SHA512
45cd6396c661fa380327236f07fe3ffe62d692ff5d1eb33c450375f1693c7467b01c983ae41763dc7558d0f142726df08d1b2d1a19bb960dd89864b2233d77ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
16KB

MD5
49295de6ccd23cf80b6418a2d209868f

SHA1
42a955b4560bb22cb9b5b39577f7a691ea345018

SHA256
d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa

SHA512
2954ab185fd84a08933bb6e79d91e301021fce4e632b477e765c172cacf72913561e101ed2f7e66bfbdc5946b35f2b63eb2b6f878e0afc9d26ffe71ee112a1c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
241KB

MD5
bb21f0142660167a7221733e1d8c52a7

SHA1
9601d6b174ddec3a2d9226e35c3667b5f2384cdc

SHA256
19ab2be029a03c15dfa56da1d466920d96d832ec989b447e0f44328496d2be22

SHA512
910be468b61fe5303303be94831cb58e10896a1c0e408eb367a4e8ca01c0e6183c491c77c20aadf5a4fc90808de90ad70511ccb78a8ab8fcd501e37ac970d432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
928dea3a2c6adf59f1978cf62dce9cae

SHA1
4b7e13dd8b970750008c359da157b3f5909ea465

SHA256
3c667e6013533edebf3d511e947684c7e69d2d2ac6498735ad35193804336b3e

SHA512
5982a5cb42a63ca5b0915458c961121b5b6d8f96b280fbe984bb82110ecf8820430d298e3e499ca66f999d4ac594864559050a207c211d13bec08be6f5476cee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3f7df3c0da9d273af51b831751f26a2b

SHA1
237ef8d43f41ecacca1da84b6691b10cb1c9d04a

SHA256
f493ca496d22aec0f0251867e804e73044a21861c4e1126836119f5a856c8bfe

SHA512
a2b10c4f2ee2a5bbaf7e2919b451e518791aeb0e9bbde95a33ee7ee8a6d94cc8209559e0b541200eb44922d436bbf2b7dd334af971552cd6b2a3498fb3b50452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
c39566b2b0447151da406de2943fbb0d

SHA1
4dc2b9487f2e796898cd5ebc3073bd9f6345c55d

SHA256
4bfeb50e1eec7cad45f5215b72d9f11389f6f5abc92d3a099f198e754a932296

SHA512
5ba3fe0907cc642bceef6595f6c9a801396b3ab95332e6a73d8c60c24a1100552e601abc08b3b3d2d5b450cb8c234b77a282702649319ac45fac93df80f64574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
b7aad0d6665717ff8ed2cc954849493d

SHA1
f820361e5d79f0ba3789d36eefd9929247304c2e

SHA256
bb10706d74c4db8662ebf7f2e91786a76f3434270279975b9460a8ab8729771f

SHA512
ae7c5e1c58b8ad5dc37801b9c31db258ab4020460d017a768eceeacc37a62ae7a073e1b0476f0acff526e4a8fd51269b2496c2de3502c1cf02551dacc21343b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bdf16e081759128e74cefff82e279cbd

SHA1
2d455cd517d72de64ed37aa69a6ad85992933ce1

SHA256
75a58e68bdb5e718640dd10839d174d74edb564b089f8f704a635d21673138be

SHA512
4f955ce5d75c83a8c85e4d9a96e84a882cbdbc4eeedf3538de01ee168f0ee0a118a2d0577ab4cdee987c969cc61cc6ce70327b03d9e9a8b0c0aa12b6ab71a0e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ef1d5839b6bcd99b35ae3bb60b2fd81a

SHA1
a60b564e704f660119becc432e4e10bc455e937d

SHA256
352827d5322b3e49023ae243987c64ec9701e4616866c3ae94f649fc631a4f48

SHA512
722460a995b3bb1e7c9504b9286cf34b0a69941d3ed02c9e54d83a44b46493cfd5299e72e29579784d070d879e885471c78fc71c05866f90edfec45406163106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
45b12db6fefed8e7055340db27b09b53

SHA1
49e3143734db123d2c297e0fe5461d05fcbf1211

SHA256
5036285a45cca4adef7279e743d6987d1209d0527c589f233038c595a789d792

SHA512
6d899761e8936fdc8a114c771a73023718d3ffd31d5b38054506aea7684070dff0ffcdd55fc04ed1758c9122a010248979d5420e74d65e81d5f15356a3684b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
854fae39f0ebb8dd91f5bf86863ca160

SHA1
1f1cfae5e167b736c8a331638d91d079f4de2996

SHA256
d4ad3ff86101b340198beef632ffa7c053f06e8a2d4ac2274cd62fdb7edce574

SHA512
10cd90095c9457546b3f0220886be6c83c51fa403a93b088e3ddd876cbee2a7167735c11c81cba99e1040aa6f5b909d196eeaf9c4e36b892006868f9d187e92b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
d4b8dc5dedbe82af70e13ee809e71758

SHA1
04bff0c94b6ade795dea3b24ecb176a6fbee2f94

SHA256
69e6c7c2fa98237d784031a457631c8b2e0fef0be820d097e3d76cbf14be1ca7

SHA512
43628ea70c5c8077a887e8d15429e63b42765d8d6ab35988f7b199cdb801f5beff757cd0e86327f13dc2bbb295006d2c12cef187ebe2e9d4ffa57421531fb2e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
a88b86ae299034c7f21d605fcf28f0d8

SHA1
19f1d407356b147dca79e59ea9864a6a84f4fe44

SHA256
be501df2eaa72f0897bd10251f9f821205ebbb125bb2175e307ab47793d3a879

SHA512
6852c80363c90736ac3887e0b593e40db9ffec13f658b498a0f636cc6c1dd1ac254402ff3a114267f114f6a328e7493b0bea92bda937596310ffce3d30c5e128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c095f05af4f098d9da9f76cb02f6fb69

SHA1
4af66c99acd3346753daa04920dba43f55e53cc4

SHA256
09935fbc6d0d451ececcc77ca57c945040b65ab72767c1c86259fde07548aee1

SHA512
afa462b5766e3583f8b24ed127c3ec4e25c302799994cf089bbfcae1bffad74c71d88925b6d5f4b3efb25223c84372805fea9b0a2406b0cf955b2ab3429d2c8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8fdcc0e1b1a55922ba3254e9a0474467

SHA1
92f0a3e04f534910ae20512f5bfa921cff39d7e8

SHA256
2ca8d27591e829809c31ecc466f10051dd454db6f6fe595954fb9f6dec0754ec

SHA512
17549c918a666b4394663416d9cbb9b4f1b1de8bd200a51e1d5ede42c9b0b86a298906796c2c57c8a8c91d6a9b67266a1ee48f8f46253924c82b0764a535db0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
b4988637eeebe9c19aa101f1628fc072

SHA1
854ac80c223328fc83aaefd8e7b308f2aea8f649

SHA256
0755c54a265911b58ee908f7f3d3807247a7673427c16848a5d8fc79c41924d5

SHA512
04f74d796c1f08f88c7b370c57ecd9cf2723dc85d38a2088b56f534135e7120d922afd9b0d5e6542ba497a741d7c88b96b536f96189e97b3bb11b3f1c7d2b7af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c758f44b8bb6e019234df78d1c1335d6

SHA1
0449eec44e85b36b70c551b541b4c045f5836f6a

SHA256
7380dda63b39eb8e8eb056fd968eb1ab5b52e80fe786b8c5dd2aaadfdd073426

SHA512
dc03fb7bef547ffddb3baaf3850ffb3d4fe85c503c67b3b0481820bb45366b1a4891e5abf81eaa5fe43a065d51b378e3afafbf5aad8b80bc402aac9da9770f2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3054867ccfd2a95ebd7456c99504ddbd

SHA1
f9f3144a40683e9e30039b91e8cdcab484e42ddb

SHA256
5857e747267925fb0d6723c41aba74aecf23523db58312d8fa90bb0a3860df7a

SHA512
077f06c3c17256a1578077a4c0c904dcdb6737ee07551c3f9c8ae5d9377e297a4ed41bda128950afd4fc14b5c13510373f4d8e51877b403043e8bb9914e6bdd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
50d4e64dde65cc68d3f1a35f607fa346

SHA1
04048fe567c803ac2b8bbb9a8f9003cb7a68491b

SHA256
bd4b7882382aef7af036456ea9c4b74e2967cdf68637333f612c55dfcbb4178e

SHA512
6f06d4141e615458e23f1662edf3d834de18304b49cb4ac041dcc561cea1c548aefd57b5fb78c86a8dc7a4584b23a16298ef86e2ffec9ad1578489381947ccc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
56a62b6cbc70b5aa63123a64027a4a2b

SHA1
d2e6581944b70ae3fb6bff9c6998ac8170c02204

SHA256
30fa3282930f6a9fcbfd2902a47ce7dbe88434be5a6898e6256acf3f52adfb68

SHA512
f44d57fb256c9b0d3de7afb5ab92e9babf75b5792d6cea14e4517f96e0206ec75655efb27bfd073292ec6bc7fcedac5f97a33be4964402bcf7112f1b0fd27902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f5de71fef17132a71eba87d61f34354c

SHA1
d54912f953b34ace425a85d74dab8e1f7841afd9

SHA256
effd48b78d7a1cdf20ec2492ce04a9dc4d8324bbd9404ca309280f98827dfa75

SHA512
57616e87eb1bf4c768423329f58045aa7e2042d38e717a4f3bae9ba90ff7f5b271848b399b9d4fd462bb81513e4060bb7c8552d68badeb3a4585ede8f3f6a73b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b826f791d6d2bc014cc525db7ca735e6

SHA1
8358ae7ff9073d83534453764eef1488d14bdd6d

SHA256
b5b6da899abda7fb7a90caa4bb5408b68ea51390e6c73bc93b6905ff3b9e1262

SHA512
d2a8cf42fc475a1cd7026c69fc901151f79085a090d308a4ff29ae64a2179e6d0d265e58ac1568dbfc122746924fdec21de34b1361b17fb8bf94e320952d2a55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ff11.TMP

Filesize
204B

MD5
17eba6ce6683475a576965c843db1076

SHA1
b85621e216a4d5dbe68ce3e6b7fe8607ca6f6909

SHA256
fa94ad0bd37b53c25d1297be6a4d47f01e11a56157712631cd04556c0c8795a8

SHA512
ed55981ff607981ce4ae9de94d77987938fbd13355fff3a43981675827376684dd0dba4b984b8336de39595ed47f2ab3a22fea354e57b859bf57a0c447bdd166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4f415d29f743a7b892c8781172251b96

SHA1
3ca3a7dc5947289413f12801ad56cd903f573351

SHA256
a3248c0b8cc8baca35eead52858cf917150d3aac63d10a8ac6aeb6dd14bb5b7c

SHA512
9a0cd864851166c2df29fa49d8912b6f6a903a1bcc23aefe548ff7de6e65b742482a7c848a7606be0239ad8d101a08d9c8c24f4838b6668cba04d9f15903f50f

Download Submit