hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqbnJCVDEzbGZCc0RNRDg4U0liWUhoRkhaeTd4UXxBQ3Jtc0trRXBQNWNCQnlYSEhMVEpmWGtmU0lFanVQbWJoOVZKckZaVnVpNndCUVMtZmQxa25jcTVhTUVOSkFvQm1LSVlncUNKNGhtMGo0dGhOelg4T050TEE5Qlh0ZllWS0dEcll3X3ZQNnFvNndod0RhS2xvNA&q=https%3A%2F%2Fpastebin[.]com%2FVHnxgyBQ&v=FPJDE0Jgdio

Resubmissions

23/02/2024, 06:43

240223-hhcdlsch7t 6

23/02/2024, 06:40

240223-hfmrkach4y 6

23/02/2024, 06:35

240223-hcc3yscg9s 6

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23/02/2024, 06:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbnJCVDEzbGZCc0RNRDg4U0liWUhoRkhaeTd4UXxBQ3Jtc0trRXBQNWNCQnlYSEhMVEpmWGtmU0lFanVQbWJoOVZKckZaVnVpNndCUVMtZmQxa25jcTVhTUVOSkFvQm1LSVlncUNKNGhtMGo0dGhOelg4T050TEE5Qlh0ZllWS0dEcll3X3ZQNnFvNndod0RhS2xvNA&q=https%3A%2F%2Fpastebin.com%2FVHnxgyBQ&v=FPJDE0Jgdio

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
29	pastebin.com
30	pastebin.com
31	pastebin.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3844919115-497234255-166257750-1000\{638A00DC-41A0-4CFE-AB47-790B829AB39E}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1988	msedge.exe
1988	msedge.exe
5008	msedge.exe
5008	msedge.exe
8	identity_helper.exe
8	identity_helper.exe
3084	msedge.exe
3084	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 2144	1988	msedge.exe	84
PID 1988 wrote to memory of 2144	1988	msedge.exe	84
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 776	1988	msedge.exe	87
PID 1988 wrote to memory of 5008	1988	msedge.exe	88
PID 1988 wrote to memory of 5008	1988	msedge.exe	88
PID 1988 wrote to memory of 2076	1988	msedge.exe	89
PID 1988 wrote to memory of 2076	1988	msedge.exe	89
PID 1988 wrote to memory of 2076	1988	msedge.exe	89
PID 1988 wrote to memory of 2076	1988	msedge.exe	89
PID 1988 wrote to memory of 2076	1988	msedge.exe	89
PID 1988 wrote to memory of 2076	1988	msedge.exe	89
PID 1988 wrote to memory of 2076	1988	msedge.exe	89
PID 1988 wrote to memory of 2076	1988	msedge.exe	89
PID 1988 wrote to memory of 2076	1988	msedge.exe	89
PID 1988 wrote to memory of 2076	1988	msedge.exe	89
PID 1988 wrote to memory of 2076	1988	msedge.exe	89
PID 1988 wrote to memory of 2076	1988	msedge.exe	89
PID 1988 wrote to memory of 2076	1988	msedge.exe	89
PID 1988 wrote to memory of 2076	1988	msedge.exe	89
PID 1988 wrote to memory of 2076	1988	msedge.exe	89
PID 1988 wrote to memory of 2076	1988	msedge.exe	89
PID 1988 wrote to memory of 2076	1988	msedge.exe	89
PID 1988 wrote to memory of 2076	1988	msedge.exe	89
PID 1988 wrote to memory of 2076	1988	msedge.exe	89
PID 1988 wrote to memory of 2076	1988	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbnJCVDEzbGZCc0RNRDg4U0liWUhoRkhaeTd4UXxBQ3Jtc0trRXBQNWNCQnlYSEhMVEpmWGtmU0lFanVQbWJoOVZKckZaVnVpNndCUVMtZmQxa25jcTVhTUVOSkFvQm1LSVlncUNKNGhtMGo0dGhOelg4T050TEE5Qlh0ZllWS0dEcll3X3ZQNnFvNndod0RhS2xvNA&q=https%3A%2F%2Fpastebin.com%2FVHnxgyBQ&v=FPJDE0Jgdio
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc28946f8,0x7ffdc2894708,0x7ffdc2894718
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:8
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2212 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4176 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3772 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2456 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5180 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13796471008623318247,1846305794224988822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
360dd5debf8bf7b89c4d88d29e38446c

SHA1
65afff8c78aeb12c577a523cb77cd58d401b0f82

SHA256
3d9debe659077c04b288107244a22f1b315bcf7495bee75151a9077e71b41eef

SHA512
0ee5b81f0acc82befa24a4438f2ca417ae6fac43fa8c7f264b83b4c792b1bb8d4cecb94c6cbd6facc120dc10d7e4d67e014cdb6b4db83b1a1b60144bb78f7542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6fbbaffc5a50295d007ab405b0885ab5

SHA1
518e87df81db1dded184c3e4e3f129cca15baba1

SHA256
b9cde79357b550b171f70630fa94754ca2dcd6228b94f311aefe2a7f1ccfc7b6

SHA512
011c69bf56eb40e7ac5d201c1a0542878d9b32495e94d28c2f3b480772aa541bfd492a9959957d71e66f27b3e8b1a3c13b91f4a21756a9b8263281fd509c007b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
37KB

MD5
1db559d5a90934ca4269e4a6dcf5e60f

SHA1
fdd6707c372b71e2d75a928d824ec2ed5794faad

SHA256
3106f79cb71ac20b0fe040ff0f0a5b9fff409fa283e85fbf35c6c98ee77d721d

SHA512
8a9f4135d271569dac43930523bee499050a22bc65dd3dcd0a79f72a667b9c6bf07cb987210bcbbe3525473f94c0efd95bbc2d20ac6e0b34488370bd8d87d751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
30KB

MD5
0a896ffbc0f47ee5330751109c8216ac

SHA1
a211dc17aaa7274706be5fbadac7433d1af2d5d1

SHA256
8de317c4f9ce743d33ce0e39ee723304d126cc19dab22efe76eec215c0934903

SHA512
b3cca57cf9ba3df5ab5ac323058d92315a81c19a84fb360529a7b9966f456266c2895bd71f7b15c0e0d3ba30630e6809154fc90c9af03978e5f7f40959d1f1b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
795KB

MD5
21610a48d0dbdb9ac746f1e6082ab735

SHA1
79f623d89e40634a551aa3622d11ffd351aa0a9c

SHA256
3f6c76281f7688a4ba97e3a0cf2f13b281e789cda5b3910bf1602bc40877ba1e

SHA512
3bf39abbfdd3e4072ccbdd508adbb5f146893c6dd9330a20581e909de69d01931146394c04c57cc1d523f54235f0fe413713d3b0133bd51a09d5fa4d2b5215fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
33KB

MD5
3cd0f2f60ab620c7be0c2c3dbf2cda97

SHA1
47fad82bfa9a32d578c0c84aed2840c55bd27bfb

SHA256
29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b

SHA512
ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
105KB

MD5
24cab279a1b1479cd2848b4cf4db97d8

SHA1
c59c889167dfa25ea85e0ab5b93db29270cd9a3a

SHA256
2feef54f715ea3e6192ec7a9d30e910044968a41d8fe91fc9b1b469ad574df51

SHA512
d1ec7ed765e5ec1b5e095a917437ddcd783ad01a1d6025f1125906617afc24e1d3a9cd702616d18c4231e5ffe60e5326a8dee855db42bc417568283c310e5c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
155KB

MD5
65b00bec774c969842aceb3199fbe254

SHA1
bd464411b9578497f081a5f8b6c04180b6ee0f0a

SHA256
d604e67e9d16b6b3d2f10687a36ec00597c48288fa60bfa957bd3ca78eadceda

SHA512
0c89ad2ca25ecd9058e42ed477bf6cd1512859c7ac63701206a82f2591b2878acc7f9354b6a23245fd186ca9b3c809cf7700c0e3e43f469c37580d8531d3beac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
109KB

MD5
bb3fc9718561b34e8ab4e7b60bf19da6

SHA1
61c958bedf93d543622351633d91ad9dda838723

SHA256
d6ea500b6752094a4c340d4f5ed01afdca1925006077560d9a3f56054cd8d141

SHA512
97da30e9a0d14e6f9151539b77b2216e0f6b6cc4742f075077f9ff92f46f8b97e82f020c562625261eaa01bcf810ce81c0b7b71340ac566aef1bef5a07dac63e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f7b8635d165ddc247d50bff8b27e0f38

SHA1
0a1cd7e492258f198c2f049d971ac3eb43fe997e

SHA256
cb4a9d89493f2016e56153cc5da097103dca2b7b7bba8649fb412963df3e3de4

SHA512
b313dc81c7c9ee2eb69cf05482b0e56fd697e283840326a868295c800b4c5ef718aa6afee7a168e2a54d33d2a0c41bf11b757041f23da0662424174753624631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ad8d98f376dc2534a61e6fbcd43423aa

SHA1
1cac5d20a850fb0a1d506890fb3df694510f687e

SHA256
14c0948470cd7678052a3390c8a5765139802d20636c5268c38981b4893b9a6c

SHA512
062ff5e2aa6e8524bb6701ffb9dc94c1b7008abdf72885d41a22bc6de605435833fcb4dd46544bd2ad8e7059c301b6f9e5fe2cf13847d167ad25a5e4c66b1b37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
963eae9d0a6eab5f9078d476083d625d

SHA1
5cb6fb247b5a309c0268a9388fa6afeae5e642e5

SHA256
8fe45ede4be7941ecb0a731c5add69354cff1ed993bd686519b596cf842f0dd5

SHA512
ced22b6b3f4caffa868e588da9caa26ed308cb9011e3766f07ff9412c60b13719d39e5f09b092a01ba507c12490fc1acec18bdbb82a83f669c8a86bff0d291b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
54024dcf2ba88a623caa47165cebbe1c

SHA1
2ddc5cf14ce568f66bb742064ea593e74dbe316a

SHA256
c9b2460fed07b730fc67ca0be7595a3d0d916f0ba599c1a3d4b88deb97e3d8de

SHA512
9093a427c2c90aaada922a06becb4e58881c2bd747ed21c57dc993dbf2d31a92a395f523e3a0f4d678c308e040e2ee53adfca8639111de54aaa9e4aad6234825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c0012ac4c7e6fffeef3df2fc628bc658

SHA1
dbc3e69317a41cd09fb4b735aa8d79e8908106d6

SHA256
0e8849b1614fd36127a34dccde9bf3f29740d3b9f26249e5fb5b6143c85a4cf3

SHA512
6c03cff64805f476239954a67c51846ba6a62e497e80d0e8307ec37ecbe9372e5bcf0901e9a44d89fc9b30e13ea323a0216c8461d9c6a24b032f48b0c28769d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
fd9ab3db565a12778f0849b011683123

SHA1
bd8b25afd18b09040a633baf1d360d6f5c8e7f05

SHA256
4703085490a3daea9158eedb8644371947cf4bb6343dea48c1184a9415c04943

SHA512
25d1a56a12442620ffb47e06cde3bd28dfddc029ed4206ddd135f2ae0de4930a5c88717ba04e319b32e8a21c49b8bd8173484957b96e3fc3d9edf24473fe28dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0dcaeca2810c4544ad958d478c75c0fc

SHA1
a2efa829e03269884088e75e9ff8dec12c3f5403

SHA256
aa46fe2687d725cc880a713bba7b602270548e7cc0a8bbb491a3153feaac05fe

SHA512
836242b2b927793e1639f210c930cb243c76522ac04b52c0b35c022608ed81a1374e763cb64623596531226e1f0e3e3b29a966d4d066f34b6a004fcee80e6568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1621614cdd1531f73f3d3647fe1aa159

SHA1
4850f3e3c517184f03d597e311a53c3c6d69eda6

SHA256
627ef6b8febdb374545a2fb51e3ffb7982d27ed4d73696c525bce761b7c80014

SHA512
80606a8eb1d83c824870c82e6f76a34eac6cd717378d970fe4fda55ea5f2b4a1c176c1358d0d21fb7c32944a71502ab63438b1d9af468fdb52b05b0c8d95e470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0efd362886bde9a6f2e0202c7c0267e0

SHA1
974d958aeb3998e8d02443586aee7afec743300f

SHA256
8ba28a1b36f06b50b60bfe30640090aa1fabbac7179140ea948864365c336c04

SHA512
ffe449ff23896cf0cdb8d9339103e2b1d7897abb8250b7d8da3c2ea255c80a643673a9062e475f43208fe4cd74b50571edfb856a6db075174f44b769a3b03570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0ed4f4fba642174bb65a2bc04ca00e9b

SHA1
658595cc05c31b040694f9702278f6c628e3b84c

SHA256
4093c437814a8381355c7e91f9ec1e8c102e91dbc0ae6e50029f40b6c9f7da0f

SHA512
29fb0e27862f6ad9486b32e17e5b452d8bb30f4314f3bdc530fd3c38c98575956848bd8ccd70ce8b2269b1040071a8656c7c1da6f5da0f1098c25fb4ea887399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
174884f9cf34d14483054339195c2914

SHA1
62fb0c6fdd4f8b55b48e4b08a27dac1a3641ae38

SHA256
09804f4db1761751182d6e65dfacf72bdf8505d38169de617a2c2c20c2220265

SHA512
fa9b3ed5a09008678c4a935f9552ea58316eb6c2d3151c6d44240e7c18ca682d0a717e237501691c77c0573ba81e67694510570ff91dafe834fd34bbafdbe0de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a11e423c8dc482e03b674c14351ee76e

SHA1
1ba5a3ae3b569f6343e4e3b9fade447a193f7151

SHA256
30c3c94eb3d329bd112d6362c4dd3ea5c518e5ced5749efff04ca8b47082bda6

SHA512
c26f91e14e0869c71daf0f86ee3796fd86117cdf7cd45fa63f0f7fe98608f2d3745eff3cccca6e429f6fa130a06dff38660d44752ec0611c308d512325dc97e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e31e6c538b78e82bf5a2e49ea5b5246b

SHA1
d52975cf69c9b51f78bac5d8f7ea07cc6d6368e9

SHA256
187d2554f8ec1868d916333cd3df17a7afdfe0093f7830d640d2859bb2e232b3

SHA512
04deb1ad0880e15c4f35eba40982799f4f2e2e4df3bec24a8ec57350b97e4d4e601ac6a13479d6d4764714db53c7d0329f24be9579f9daee355777c6fa088d61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
880118a081d9c438813b0ea7b7ff7184

SHA1
c1b6a18e52531daf2d071c77aa9caa300005bdd1

SHA256
9b9f02c07f54fa525983dec883d3b737b1d19c365e8472daacf58fd48e7347fb

SHA512
9c83b7c27f9563951796bce0b9c5f27f023be4fcca9d6efa48c96b300ca030ab6f4d69ab85829d03e076bb7c954db2957cf01d19f153ed59e28e3cd6d99508a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583d43.TMP

Filesize
371B

MD5
4dfa5a7972186ef50b407a3807f2d9be

SHA1
d31583112c415830fd4ac27474945986957fe4b6

SHA256
b133ecd81918a431090ac5361068aed01108f0d496e3f744c48bfb9529444547

SHA512
badb56e5a40d89d5bb0a3582b4e7e50bcf51fa4ba392bf6b6670f85ecf58a103833f91fe55b22891008ef9177ff93586cb6132c574410ae26c4c238682068224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
99aed7c3e1a44ed58424060517ed41d5

SHA1
2f4bba4615081910e6dcaf6129e5ba648f5e23a5

SHA256
9f617ff14d25d1d0437fde5fb83414b275d5d62101717eeaf8bf7746bc3850b5

SHA512
6250e6c2505f1c383eebb81735dba332eccab677dd3b671864511b30653a88927056eca9d3d4edc6203cc8669bf92d7cc15d8328d491b7684428369929713bf9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
f61d71702cc9104c3ba95a82921d18d1

SHA1
9edd94010b8d18212431fe8510ae6efadce77b3c

SHA256
91c482aa1a93305b7684fc10b7566d5770beccde309aae84a13b523acb04f483

SHA512
ac59fc9e7c2d41a273bce0377755e0befd37aff2c511fc540734fd62e8f57daeaf59d86341f7f37e59d3741a0f9eecb6176745f9b59a8ce51f191070e774dba2

Download Submit