hxxps://ytmp3[.]vin/

Analysis

max time kernel
144s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25/02/2024, 15:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ytmp3.vin/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1790404759-2178872477-2616469472-1000\{B9D1FAA6-F513-4AC1-94F9-225EC55D2E7E}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4692	msedge.exe
4692	msedge.exe
832	msedge.exe
832	msedge.exe
628	identity_helper.exe
628	identity_helper.exe
4448	msedge.exe
4448	msedge.exe
6108	msedge.exe
6108	msedge.exe
6108	msedge.exe
6108	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2300	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2300	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 832 wrote to memory of 5000	832	msedge.exe	56
PID 832 wrote to memory of 5000	832	msedge.exe	56
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 2736	832	msedge.exe	88
PID 832 wrote to memory of 4692	832	msedge.exe	87
PID 832 wrote to memory of 4692	832	msedge.exe	87
PID 832 wrote to memory of 1896	832	msedge.exe	89
PID 832 wrote to memory of 1896	832	msedge.exe	89
PID 832 wrote to memory of 1896	832	msedge.exe	89
PID 832 wrote to memory of 1896	832	msedge.exe	89
PID 832 wrote to memory of 1896	832	msedge.exe	89
PID 832 wrote to memory of 1896	832	msedge.exe	89
PID 832 wrote to memory of 1896	832	msedge.exe	89
PID 832 wrote to memory of 1896	832	msedge.exe	89
PID 832 wrote to memory of 1896	832	msedge.exe	89
PID 832 wrote to memory of 1896	832	msedge.exe	89
PID 832 wrote to memory of 1896	832	msedge.exe	89
PID 832 wrote to memory of 1896	832	msedge.exe	89
PID 832 wrote to memory of 1896	832	msedge.exe	89
PID 832 wrote to memory of 1896	832	msedge.exe	89
PID 832 wrote to memory of 1896	832	msedge.exe	89
PID 832 wrote to memory of 1896	832	msedge.exe	89
PID 832 wrote to memory of 1896	832	msedge.exe	89
PID 832 wrote to memory of 1896	832	msedge.exe	89
PID 832 wrote to memory of 1896	832	msedge.exe	89
PID 832 wrote to memory of 1896	832	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ytmp3.vin/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdedd046f8,0x7ffdedd04708,0x7ffdedd04718
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,5840027758466496499,12073414834751700688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,5840027758466496499,12073414834751700688,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,5840027758466496499,12073414834751700688,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5840027758466496499,12073414834751700688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5840027758466496499,12073414834751700688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,5840027758466496499,12073414834751700688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,5840027758466496499,12073414834751700688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5840027758466496499,12073414834751700688,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5840027758466496499,12073414834751700688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5840027758466496499,12073414834751700688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5840027758466496499,12073414834751700688,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5840027758466496499,12073414834751700688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5840027758466496499,12073414834751700688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5840027758466496499,12073414834751700688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5840027758466496499,12073414834751700688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5840027758466496499,12073414834751700688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5840027758466496499,12073414834751700688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5840027758466496499,12073414834751700688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,5840027758466496499,12073414834751700688,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6240 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,5840027758466496499,12073414834751700688,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6316 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2052,5840027758466496499,12073414834751700688,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5840027758466496499,12073414834751700688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5840027758466496499,12073414834751700688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5840027758466496499,12073414834751700688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,5840027758466496499,12073414834751700688,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6880 /prefetch:8
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5840027758466496499,12073414834751700688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,5840027758466496499,12073414834751700688,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4800 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3044

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x338 0x4ac
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3bde7b7b0c0c9c66bdd8e3f712bd71eb

SHA1
266bd462e249f029df05311255a15c8f42719acc

SHA256
2ccd4a1b56206faa8f6482ce7841636e7bb2192f4cf5258d47e209953a77a01a

SHA512
5fab7a83d86d65e7c369848c5a7d375d9ad132246b57653242c7c7d960123a50257c9e8c4c9a8f22ee861fce357b018236ac877b96c03990a88de4ddb9822818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9cafa4c8eee7ab605ab279aafd19cc14

SHA1
e362e5d37d1a79e7b4a8642b068934e4571a55f1

SHA256
d0817f51aa2fb8c3cae18605dbfd6ec21a6ff3f953171e7ac064648ffdee1166

SHA512
eefd65ffcfb98ac8c3738eb2b3f4933d5bc5b992a1d465b8424903c8f74382ec2c95074290ddbb1001204843bfef59a32b868808a6bee4bc41ee9571515bbac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\61a04f6f-772b-466b-b31a-7df6f1fb3421.tmp

Filesize
1KB

MD5
419efd9f7577568d0cfba3b6e43a5cde

SHA1
4f852fd515f73566770d048b40955a52e83cc199

SHA256
97e1cf8e608de6eaf3dcafd92d2f0a25d1e8eb9e677cff0e758eae107f420611

SHA512
bba84292b30870d218e12fc88df52b03567c990b7cb67a11e3e0c0dc1fa795cfaaeac5fab80892dce638c7565e28d5f22bcf53f7ecc0a1bfeb11a270f81741f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
128KB

MD5
b7109f317fde9e6f9755f5cbe948ac84

SHA1
a4987372421021390594377ade102ca0bac2303e

SHA256
c4cfff749d63d3a5023d74758de73f951c5db194305abfc3d8b27861ca45d313

SHA512
f14385e4d17bba96cdc217d584ba3f7a9b2a0acf43e4bb5905c240a8533164c7702308d4ff272708fbf662650a230f0405dcb2caa584d5a952b6da955fae6370

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
94KB

MD5
422f42b285cdfb24ff33ce5b7e1ea9d4

SHA1
8eb3de0258eed2c72340d4c7e0296f7d7d75dfeb

SHA256
796d2b266b0d063fccd899ea3cdbdac0f8aaf9db4a416d1e19c4ad2d5b5c493f

SHA512
accbc16258da77f259e90cca9d6b09d100316b077bd4867e9637d9f1c7ccd01bc9bc5fc3566b10e9e9dfe8c89735f0d2ead340f0d088afc2529326103e8ee473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
47KB

MD5
7cf459fb6a385376d557bfc91d964087

SHA1
43df1c5a3fd47487a815871ae01ff4da157bcac0

SHA256
6228b80b1a0b5e74b5ec45368b7d8254f3d03538ee1f9f1a6981a116d28ba979

SHA512
a3c8499d7181602790919cf14fa31c64aa5c26e179f72ea1649eb37651170a7f7e1b84858809fb5473932080d9b11ed7a9b28d9d9f61b283e05eaebd5c19cc34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
14KB

MD5
b002c0bd899103bf4042a87225b0983c

SHA1
beb2157a8f3231679e0bc20dde070c13f7409d98

SHA256
f3ba2aedfb5aa8ef12b13f208046e262504e6b1a959473eba8f96ebf6f88964b

SHA512
8ff91143011836e1d13cbfd05a392d9213ffb578f76f19bf0fee4332d88d72d2f258552aa19e7a0f35448a1940a3053bc4e2bcd9a73c156d0f9651f653adde81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
31KB

MD5
4c47f67b4f8335e3dc3a778fa84a3637

SHA1
4e2aedf7cd05fa7e9bb469b02e9e9c9e5ee25e81

SHA256
c2fd94c17833abc2adb5f9e6095e08ca8aa14af9821d1fe754327f7aa73cb9b6

SHA512
119175e24a55fa84ea58cc72e7dff7952f1281d1d6890236b9e37e508005e6ae931907ac86bb07d6b5b5d8b737f5657fc7eca3c76a9217ff76972dc31f957349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
33KB

MD5
63f8ce93cd5b30f76b0a6cd029b7d354

SHA1
3ff83134ad10ff1e5c8da09db619a0274e5e8546

SHA256
35b6dba4a78fb19170305143a6f3740fe43a43ae35471709431d8391786c55ab

SHA512
7adf420a457e00639565a3f5918c8dee5026307ba37d71b3471cebb4313ac29897f1860ed22eda7caa44a563911987efdc4ff9f686f228d1ea9876e76a9484df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8a5d17acfa85db530a7d0b606b4b011a

SHA1
f234178156af8857dd5a5a5df62d846390a28d63

SHA256
c949f8f979ae4b260c417151aa627f5f997728c0d3932677c09c3957f4677001

SHA512
6cf6e3d4fbaf797b9d0588b05ef29d441ab0acb2d65b843142124656d8ce8496bdcb870f9663bc06c9c01abc3b7cda196842042e1f8b76a3c7a3d534d99c41dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
41088ac6b62263122ac3589e1ff296db

SHA1
a32f95c1871f572b194621b3f2c6e75660327a17

SHA256
0f632abb5c220ea1464b12699b3513e7020260cfdbcf4e6f007ceaf5c01a9920

SHA512
8900aee53d7554b0892e2806bdc11f6be4ae55208e07f3d901ddf6b323f4ee940610937b1bc5e169aff96b849d1d93bc6a57cea09410a94069f94787d8075ac2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
60f6172f41f775da79fb97c5b708e1cf

SHA1
bfede3326cf7b6afe0ed11e8348f7de3d014de8b

SHA256
909faebe6ab42f23814f465e9d6edde9d4cac8117ab62ecc8fb9e442d2a774d8

SHA512
de62836cf4ee6b7b40d38b40edd20795277d6156437836bab691136334bcbce24a87f9376c815ef78b272b14cc2d4e8a49360c5866fe89d66629ea104f81a179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5ed2f271e7db285d51b155828592d228

SHA1
7cfd06808583276f4411b3edf11de38a21f0b6e8

SHA256
cd31803123d30eeabcb8fcd587ae7b70908bad37ac230d4ac354d20e84830f48

SHA512
3266a47107100d7d96e8b17f6b7e46033097a595e2ca67cef43204a428bdd6381ff78ea2f903af16daabd2637ba0dcd496b2c502ea56e3d61bca89af73033502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3ffe6b8ccd46e1cdf117a9ac82d56fa6

SHA1
941ed1354e2426fb620edccf8f0f2dac285168ba

SHA256
e2b796664ba93454309f65be00ee6971522522a83cd909b63feaa9f178735668

SHA512
f8905860f3ae05968a5cafaecfafc02c2c36c1dd9c511fe01ad267329b725005c69b690349ebb043f3646018cd61742ad31d99a04a9f1aea3ac98df3dfb7881f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
aba9f257d5d4d05e8ae3346bcec0c0d7

SHA1
34fbfcf9ed7e9d7618ada74a880682c9f0e71cf7

SHA256
fdc60e0349dc2be9df5d382fcccffc0f9e44ac67257339fa3d991dff40328735

SHA512
5847eddc2f09bef89171e1fab39a5362757ba4004b7548f1829592eb786d2ab5928e58a8d742098d2447e036abfcb453b068d3baad593b14fc1f257e29afdfea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6c66f4caf2713a85f8687a088915360b

SHA1
579d0914643d5985b28dc1ab9a0e4135a124f599

SHA256
690e0c49f7026ecfebb7622b9a20dbf767607440ed392646a455bf006601c8f6

SHA512
eeb56968d5806499b43105bc82a9cc3c8c8bf0d9a784057da3903bcbc8d13cb64c52007a2abd4940791af2cb1fc401eac45450f073f668bfffa8f7a793408d16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9c733116ace1e9f78f31182f6b081353

SHA1
8abeacaf2935f611dbca81b84cbf903975025b0b

SHA256
0caf218399bc652d1d3c6e7b195410f4a63e4a9680ffe0edba131f545f622ce1

SHA512
51246e6b6cb98777d328ff4b1589bbbf54bd5d3156dd7b3dd0e853726e717e9ae9c44b101a777f512bec02c51bdfe867cab7bff5e35850e2df8d9bea0eaf5156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\16afc6e4-41f5-4f28-9375-11fa81e12ddf\index-dir\the-real-index

Filesize
2KB

MD5
1ca42801bfcb176713c6f8f554010003

SHA1
aa1e65330f82434e0f8beec1b5bfe4f0a368e8c6

SHA256
872e41c76f72ad62289ba18f5d2f95c11f97f0de273799f5620047028d8016cb

SHA512
107b8459fd5e1ebfc348c49429047cd8d665142cda5100f447d378e186f59c19f4619513c4a9fbf411a10c194d272162896a4dfb2e4e8cf1ccbf0e4996b45652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\16afc6e4-41f5-4f28-9375-11fa81e12ddf\index-dir\the-real-index~RFe57edfa.TMP

Filesize
48B

MD5
2cefa71922bb6a80cbb5bc08a94f48d1

SHA1
a48d1a19ae674dad494c8ca8897b3f44d52704a5

SHA256
7ddb1c1420beb15c9e8181b6fdf10a2a3a90c41b3e050dce08d2084cd248d0c4

SHA512
69bfdd59b145f24533d44068101cd9391107b834463a077de8d25b20a1eac3b2d7d62282f981fecd472e40dc5612e49c45c0d813db9ab030d7d107ccce7d94c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\373698eb-761e-4288-8cf6-93cddef43070\index-dir\the-real-index

Filesize
624B

MD5
deb0dd14354ff7fb199e0a69981db539

SHA1
c884642ebf3473b740b29116bb1ee2573793786c

SHA256
399c531f6e8b0377150bf8612c9cff119214dc01b8e521f08265e56159a8c000

SHA512
4ec0e1f6d25bad55988363a441cce714b82d689b529ea99e9daa062715f1a62557627b5a4cb25ff93fe89704ea898abe9282768b67f8f716598635b43ea7a907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\373698eb-761e-4288-8cf6-93cddef43070\index-dir\the-real-index~RFe585f9f.TMP

Filesize
48B

MD5
4fca7f24f5ea742918bc10e97755c95d

SHA1
4156805cc3039a0edc546f766df81ba9a3aac9ad

SHA256
8520b5bfc63419bfa6a3ae89f11556c15c568336c465b31f4691ac12501b5cbe

SHA512
c8d558a52f315a9c989369643c7ff60d172d08ee29e4699c9e9c67e718c12195378ca28a024db4c1af9c10f6549ebfc4a888187ef20edacdb39a0a7dce4ba3bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d2b19098-6685-496d-a860-73a2b118e1e8\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
23d7ed58eb81c48a30d66d7a3b0dc40d

SHA1
66ff647d37a189c834728f0eadad8a0f934d46fc

SHA256
16ebd591f0302e7a7974f828ed2f3ea73650b5dd3402b8c120de98413b4aaf00

SHA512
683562e49ca9ff372365a9cd65fe1eacd327299306c8de5a1bcb6813f53b2de576cebc038c9f96390964caaaf9fc5dbb120b1e17e6703559fe69d6b7d18d63b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
e9fa7dfb76ee66c77c473b39fca152ab

SHA1
18f7294de1cff3061b2b4b89466001a7c1c8dd6c

SHA256
8d89cd9a4d80caca077706b47b4b3c23c79841e57d36f5336e6080a1e1b25b05

SHA512
cc546f10a0e296f2e7b628d5009f30cc13d48388b99184e87478e9412bde06e59c05f2b878afd67108578337b32d275f232b95faf1830d760ab31537b964b03a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
5ae7344286d7e07a978e685bf916490e

SHA1
10ebefeca01e1ed3424e43c9e54215ab96fed499

SHA256
0156b463818cc6d17f9e39bec8b804f13f22d1ae9fefc44fc2ed3570009695ee

SHA512
b76071b47e009415aa8ea08a378322ecf55fed0de4c1684f4ab97a6c9fe7151d51b37aff660ec0e5af7637777ee4e47cd1fc458ea18252b279ee7c6f6c640b76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
98ad0daf701ede5124e96ee8f5937077

SHA1
640f9924ab9fc169a8c540cc29d2e8edbbb0e080

SHA256
cd7656f1af8e8a8c53d4da99cacc71701bc245c1295b79e7e14940b22803753a

SHA512
da9b63c0d9c9c6a5c7368ab73c647d9cf7c6da8012e8201be560d17d51790e1928515131c5514290053a30aaee612f434ad11a5a6680e452dfc20d795a4e5a06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
6821cfbac30754e9e5844478a9cb4352

SHA1
6473950584f2278a2a631a2979496cc52a8e62e0

SHA256
0db8f706db81ba0ac3ee775c53a772951da313d9b49bb97f5047e23c246fac6a

SHA512
c5af0a02685a35a4b288b46ae37c3aad8963286f7ae47d8ab5a7d1c50ffe3c1257d31466f518552faaff307326b6e97c07df458d0940ebd5554baafdc307a316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
ecf5ac61f080c5c7b8e44c3231c4a37a

SHA1
81450c2c9b9613e0ec07d699eb91ce6d5a81fb4a

SHA256
a04de2ecfe61d29b22248c3b8e9da4f470bec1e992b272a78bf71b368507e592

SHA512
2f613e265220dfd4dbad2b64ee6f50192dc1108055ed4e06a8f888f5bb13206b058ff1596da82a607d8bf1f4024ef54d7c4d6e563ca31e1a6960e2d6004ba98e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
cafd5cff16cfdf55dff0ea95efe2160c

SHA1
a0c0e36bd128e5d1df6f384d8586cfbdf1f4fe6a

SHA256
6e0a0d119654c72375a4eee4546d03d2f18028a4d4d83daf21a3d4f97362f8ae

SHA512
e0cbe4102deb55e20ca7792020cc2bc10df004c1fd962c7affbb0b3ff291e156c53c73ed93718afdef18f0edbd60ce54f9f7962e57a8a327de19760b355c5dfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
c35cb5c2b8a6bf7a6b98b4136daec5bf

SHA1
1db36e4b42c8c464ad34c3eccea788f2edb0d0c9

SHA256
895034f0c62b5eef6ab9ef3e23e03d3fcdc1b701c5970e3602cfbde19e70f23f

SHA512
3ee86aeb76c96e50535c33298f6e83108e4416ff3b2958c6726d3a02e22b9fd211974645576098cd81bdebb21e4ad0f7b10e9f54e566793d5c3c659fa12f57d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58462c.TMP

Filesize
48B

MD5
80a555260b9bc42178fff745f6eae837

SHA1
826e1648e762689cdde545c6a968df230c226737

SHA256
fa3c43d331d93f4dd8960f3e3dd0329f0971fde809193e4aafa165eefa612b55

SHA512
f9070291e37f9194a3aa907d67cc94e6c3a1bea7d600877c3bc7f4edf6815dae4717b4b50a0c81ac2732dbc19e9beafaed84a3b2b937af60518e9411161817ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7da5321a3ab84448185caa5c3e4b79b9

SHA1
7a3e5b518187042c5fbe304a5a86db93db6c5fe7

SHA256
d8e393f2b93eaa9153876419973a4cec77d96ed3ab4b39ea6b5785c240ab14fa

SHA512
578f2df421212d960ec7d59ad619aa1edbac65e59de3ce1172dd965ba6b24d86803f5b7985690dc2ef7572b02c3d24cab43a03e1dade1e2b88281546c2dbba6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cc108ee90e905bac2cb8fef5c78c55f5

SHA1
5406529ca0011d563efb787e2b6a8f6e03aa6336

SHA256
9e6ccfee1c1b707051b7ae8b9fd3d32ce7229ee679bb80894875c6886caa2439

SHA512
5edae8cd6473a1c881d3ae63f4bfe5f792da8eceefcdf9576d6d7eeb57a46dbf5780fbbfcf2c7e6ee6c25e1cf0ebf7008d4c60e6a19cd4d9735679bb53bd0fc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3fca5feee79e33565e749340c171a374

SHA1
8c9ce47ce8c078f28182f5188df9d8782dc33af3

SHA256
dd38429b2dc8844870ddfe23c582d169e5af3eb4749c573dae529a44b99410d6

SHA512
3ec71bf33e8f78238afc01e0c261413ca11edccfd57b0b9838207781030162e4a027dba1920aff69d70c2a17729fb4a738f34f324f83864582340c7f6434fe6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ef281e037f2a16fd2eff06d90074fea3

SHA1
b01c87d6fa0baafd946b31b2c80e48f36f08e72c

SHA256
cc4361b6b9aab41fd92e05cfd1fdbf00fac948cabf20b36d2eaa6870b7f66e90

SHA512
383f2ea862977728610189e7e0dc4d894b9073104fe518d8bf79d6e3988f266aa3ae2cb8bcf67be8a8135e377b7a9a62de69a02c8d5cb06efc362bd7ff890736

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
922bf32c83b00340cb7386ab1508ccef

SHA1
2806dcba3740adbf9b1bd2f7d9d164e93300c370

SHA256
0c41d2bf49e753084b3b9ccef6a178b06732aa56417753a28c007733a855539a

SHA512
16cf72b6c948d4e8202875b92fb6465a2ee583d4f0dd908225922d290e2fc67a1561ff88b54278af6704c4675b55387db37bda66e4c41fc7605380acd1d249fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
84b124d5cbb362b3216f4da5f5ca6b7f

SHA1
e95ee6ed53a91ba3fd9e68c6931fa5e6b90994f9

SHA256
0604dca9605879076db41c98e4320dd35ab1e320a8c8761de32f658e6037da4f

SHA512
3bcaf1e886294934b10cf36df52c32e7ca3fe43770dbf3fdc21ff822afa062333b512d26d2c9a63c6fdb6c9d37b0febf986659cf0556c93a03de4131b1e32471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7a091bc18b19d92136672394537970ca

SHA1
0d11fe6f89dead72c9438aec8d119f64fef8f560

SHA256
ee6f648a57e90eeb485e301d9c98c5eaa815ce7ad42d848677e6fc3e51c1dc2a

SHA512
acff47e647b881f5acabb36f4e1164218a90966a884151ac063774d9e516b80e4fc578febcb81aa71e16347411ab4387b6f1e5da2bcd29dc09dca2972a70279d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2bb8aa1966b028e8dd636dbf02686946

SHA1
48f2e3fd2dd993305e229460eb7713fba467d8cc

SHA256
6ca6156043aeefdcfe2242befee81b3803171d7082c9bba8285f2b5db4f14938

SHA512
7613b4822530d2b71ef59c3ccfa138c20cf5865cbaae7babeeb2f37036ec6d6ca22de16aedc77fc789e16a44bf3aab501fae26b89bb02cba9f1237f7d7d57fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
98a75da89bdb0868169f7a4680a17a24

SHA1
5a623eb2c379949fe4a708b3e180271257158871

SHA256
c3a4caa2d462ea3c4c1742a178189804dc7328d56bb372006633c19d28810706

SHA512
8ef81e2f70e44ad43dc305c789e3d03068588f13e71a0618573f217b9175d27e6fd5af59e60eac5f56ffb609a0d2558fc1027662de15e1621f2b1c28db04854d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58146d.TMP

Filesize
873B

MD5
4829d7fdae662a6e50163e183a38445a

SHA1
b337a4a4a89860e731cac57de22d8dec163aa02f

SHA256
6e1d4e7e028507fb51f7e2f39fce6bb0cab0cb254f9a8a4eefadda90c6f8170f

SHA512
bfcb3a9b2383441b94f48ea9107caf992de7537d736fbc36c1e6c14f43fbe03d3fd16b7004678dfa3eb1b9d52f8980f4b3f36c96e255cca508e8d29da4411282

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
25776d506b1db959002696e8ba1b160a

SHA1
dc1d5b810beea42608ec249295a4a358f64846f3

SHA256
ca1916f5ca1a6d5e5f273800ee1be5b6a36800ef0ea2b1cd0968a873154ef817

SHA512
f9f1ec61db235488924b7beaa87827a86a22021d1c3c690361fc357c79cdfdeef63f7b8fa27a3c30e0889d7fef0d268b7180c7a7fe0fd2cbbe47a5ab7df8b790

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit