hxxps://github[.]com/ytisf/theZoo

Resubmissions

07-03-2024 12:51

240307-p3n2gabc99 8

07-03-2024 12:49

240307-p2sy2abc82 6

07-03-2024 12:47

240307-pz6gcabc42 6

Analysis

max time kernel
150s
max time network
156s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
07-03-2024 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/ytisf/theZoo

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	camo.githubusercontent.com
14	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1468	msedge.exe
1468	msedge.exe
5060	msedge.exe
5060	msedge.exe
3852	msedge.exe
3852	msedge.exe
1980	identity_helper.exe
1980	identity_helper.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1468 wrote to memory of 4896	1468	msedge.exe	80
PID 1468 wrote to memory of 4896	1468	msedge.exe	80
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 3524	1468	msedge.exe	81
PID 1468 wrote to memory of 5060	1468	msedge.exe	82
PID 1468 wrote to memory of 5060	1468	msedge.exe	82
PID 1468 wrote to memory of 3096	1468	msedge.exe	83
PID 1468 wrote to memory of 3096	1468	msedge.exe	83
PID 1468 wrote to memory of 3096	1468	msedge.exe	83
PID 1468 wrote to memory of 3096	1468	msedge.exe	83
PID 1468 wrote to memory of 3096	1468	msedge.exe	83
PID 1468 wrote to memory of 3096	1468	msedge.exe	83
PID 1468 wrote to memory of 3096	1468	msedge.exe	83
PID 1468 wrote to memory of 3096	1468	msedge.exe	83
PID 1468 wrote to memory of 3096	1468	msedge.exe	83
PID 1468 wrote to memory of 3096	1468	msedge.exe	83
PID 1468 wrote to memory of 3096	1468	msedge.exe	83
PID 1468 wrote to memory of 3096	1468	msedge.exe	83
PID 1468 wrote to memory of 3096	1468	msedge.exe	83
PID 1468 wrote to memory of 3096	1468	msedge.exe	83
PID 1468 wrote to memory of 3096	1468	msedge.exe	83
PID 1468 wrote to memory of 3096	1468	msedge.exe	83
PID 1468 wrote to memory of 3096	1468	msedge.exe	83
PID 1468 wrote to memory of 3096	1468	msedge.exe	83
PID 1468 wrote to memory of 3096	1468	msedge.exe	83
PID 1468 wrote to memory of 3096	1468	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/ytisf/theZoo
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffc3b8f3cb8,0x7ffc3b8f3cc8,0x7ffc3b8f3cd8
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2012 /prefetch:2
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3316 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5603373280871646002,4003052736872286289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
  2⤵
  PID:4064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
caaacbd78b8e7ebc636ff19241b2b13d

SHA1
4435edc68c0594ebb8b0aa84b769d566ad913bc8

SHA256
989cc6f5cdc43f7bac8f6bc10624a47d46cbc366c671c495c6900eabc5276f7a

SHA512
c668a938bef9bbe432af676004beb1ae9c06f1ba2f154d1973e691a892cb39c345b12265b5996127efff3258ebba333847df09238f69e95f2f35879b5db7b7fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c194bbd45fc5d3714e8db77e01ac25a

SHA1
e758434417035cccc8891d516854afb4141dd72a

SHA256
253f8f4a60bdf1763526998865311c1f02085388892f14e94f858c50bf6e53c3

SHA512
aca42768dcc4334e49cd6295bd563c797b11523f4405cd5b4aeb41dec9379d155ae241ce937ec55063ecbf82136154e4dc5065afb78d18b42af86829bac6900d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
932c1c0967d3da83a5e92bfe9ffeeefd

SHA1
896759476ad681053f90c53864ed984258e1fcea

SHA256
7d04cd3596e8bdfb1ac88411a20420592f53124471046b2c9c585d903a5ad8fe

SHA512
d49d0ff93d970cd3e568f8aeba489cfe0bcf8ae4235e477aeb692859d57b4d6af16b091b13c0a93c1216cf0ec459e2fb74814df6161009cd9236f04cb0475778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
34ac0237d6dbefed42917710d94b0a57

SHA1
ab0eac52269f9e071ba317b7ab0f5d5f34012289

SHA256
850d4452092b524307223fa99b60fb573e7f5cc75309946e1502476a10697f18

SHA512
ac80d1d89d1cd63b1bf976309f112e0632f33def17529b2fa0f1a1922c63c456fd2fd4b6ded416dbdc58279e97f14ed61ca41a505b351a91b75006e5967b89b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_f.worldfreshjournal.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_fortyphlosiona.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_worldfreshjournal.com_0.indexeddb.leveldb\LOG.old

Filesize
1KB

MD5
bf7b5d14b764604669d2c1ae9f90112a

SHA1
d9dc31992a60a54ca73266d2434f42048c978f97

SHA256
f79d03c113493970e7728381b23f7e07ccab64e7950ac31702c0ccf1a84a9cd7

SHA512
bd97154a7b2567495d9eaf8f0a3181ccd99b377909a47d3c7acb49eb7cfd0c88f206f2e4d8704e614786f800112c97f8252a56e1fa31625c01c89f66d34c3cde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_worldfreshjournal.com_0.indexeddb.leveldb\LOG.old~RFe599ddc.TMP

Filesize
625B

MD5
e3b0fba796f0d9cb3e408a6e520cee51

SHA1
8362457b3143eb33e22883bfd5deb3601ec7464a

SHA256
7e002a961918bd5c56b37961013003ba4b28ab96a6893b821534f7ad1f5cfb3e

SHA512
21cbc686e7825089d3918dc6567de4de77791eb76e7d781528fe67040b570f70a2fcdbfb3183817106166a45c648bc1d5af9de63cadc9c2f1a16843c4b8570fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
cdb27abcfce37b24cff6b8e0d6fdb482

SHA1
5cf42e4623cecdf09008b5bd167b016cff64cfff

SHA256
c724ca52595d95af778c23763905c9f1712bdbf5572c497084467ef3f88f8afc

SHA512
d95fecf09129e0cf1b5df0e8822f7b1e10018ff561226355a58d58e745ff8a7233ff2881eab68b5dfdd1b8c1a7f5aee113a64dd698566b1f3664567e94990586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2725fcf9782b1c268a2ecb31f834c252

SHA1
8a9f5a2baaaa1cda68be6828d0d8a7cce1975bc4

SHA256
2c9d318c6677b31779037f1ee2aa33edd06c4d827a555f026e0705d8129df8ab

SHA512
8f3c01edaaf19e7d7c2021a2932d05a93fd55c8c23e7bdf7608be3ed18bfcfd03b69c768d3889f20985fb856f912861f55b8af1027bcaf00266b2321abf385d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ef7df04dccf510cbd2a6f7e68456063c

SHA1
e1d71370c602a9d2ce3f78ee4399f5c0de23f6fa

SHA256
505806d2cb75666ab45b25192614032d1fbc9064b91aa4fe9b43e1d57b3bb17d

SHA512
d810170396f5ebaccbb05abc34f302e41f7c4ac381188bd41be34097998f2220253ef00a807593b86fd39dee2056f13401868e7a230e668419103f3c52f164a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
60ba9b748991cf2f7c64c371c3fd5b0a

SHA1
f796d57d2f099396eac18056b7939675d54ab99a

SHA256
923b8eb859d398ed5cbf82df2bdce9800da2e9934da26fa187ed5aa2900f36e0

SHA512
80899f4048d3eaa7b666f1a5c5868084612266347c3812637231639e09169c85791eff8978929cb41842748e5f667079c025099531d05cc4ac4c8b2305895060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2b6b5d4086f84eebbffa4bdd05a179e9

SHA1
9ca50e5189335a0f645415570cffd09d9976aa42

SHA256
54dbd69c4095a781fedc832b1d139ae023e7647d87a9bbc720ab7f56a2c67e66

SHA512
e5f63d4b4e5c2fc857d6b32089f21d8f4f7039a5aa5f9015a8e24dc34ebdf18267f7ae6aaf6312d294d091f52ce2f8e6bef2f9e0525ac0b3dde77723d69bb355

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
a1bb172e6eb25357ce528c5b06819e41

SHA1
c31a60ccf7ce735ba820936c6cbfe0611f6470d0

SHA256
fc0fd74f187f8690ecaffcadbe27e83d5cccfedba6d36c27e031d93cb3519eef

SHA512
b230865218938204eea0cf55365855b9672a6054b810d1dc90696575db31ebad00e8b35be2e4b63b5d4ea8ac7bb8e06408237ef7658f7d8f002438dca5d6c637

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
da5d76e5d5f91ec57225b116f880281f

SHA1
0b5661811e15583f4cda31be711c252285f96754

SHA256
651eff1d172910a087be8ff426ca15f3624e879d3444205a5abf42fe0a95afa8

SHA512
3eb990c48f00791cda7a5f76cf72e7759d34d721acd8116021c1e306ae863e13a81a2fc8659321b4466d879150069a628458b1b95c1b056200ea9cb406f94216

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
155d357949c113ccedde1ffaaf12a946

SHA1
cfb3f46b5a47d1895e70a5baa6a00f0c2527cc3b

SHA256
85f9f97121409717ad1f6dc04e0dcaf8c69cc74ccd2af3ffe3d6b30bd96fe8eb

SHA512
e3387bd47531e8fdec4ff9a2e30a448ff49e85481119eadb08119f4f8c99cb8917eb8456515ad07964703d4c0a1143fc9596722aa3bd6dec45b9c64824b5d3fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
f0c27ae0c82596f78114e8aed65cb6bc

SHA1
65f2ffd1faeec13b864fb3ef2e1d092f58bc1469

SHA256
0179539f72e525a343749bb74cae875e39ba2bd94370417556667a65a88fdd01

SHA512
e5a10d030fe7d21ea3d657f624d6c057a356fbc4e7208e08fbf3c701cfb314e375ee3570bb019ad3bdef643f124949d344c404458bba7cbdecd0198c62b96fea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
bab365f329b724b65df3b38326a97d42

SHA1
30c679f95b94a0f7d738e674c6882be49769f1b4

SHA256
ec91e91bd401974d9292d4405a624472e1df41c8f359f1240f575c940b916cd7

SHA512
80be2ff5bb6b71dd2e8aaa23e358c569264f702cb07b082b4d4778e5d9233fe2f3ab98d8a41d1a61d4a98821a8b7e59cbcd8665f0a363272f9bb4f6b8819f4a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9926028cf54f3bda882dddcffcf020f5

SHA1
cab3cb578bee2cc0d55cd7a925064f350d07d42d

SHA256
c77524791b9ec7f3bc3d5d5192139449dddce7e2439b3ab5e2afbe7d1598c442

SHA512
a6a3638818929fd0863dfa100337b0765269e27fbc216b615db0648de239b4f35f2d9e1f58e887bb194d3c47e0916b7501bd1a319d79f87cd7c8f750c07bdc24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
876f564696a2740806ec2f55ceafbc02

SHA1
1320e3c826073ed5ac28c63bd55614587a59e8ec

SHA256
489d7b9899d8ed161afdc8dc35f8e69eeac89dbaf323f476897e8718583ae2ec

SHA512
5df44da8cf2dddb27c0e8e2169eb9087cc0853bc633fc91471eae129581ad3315e48a83e4f7b9191c65d66f1f5464d3d0b17bf1d42d6c391582a874cd875dabf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
868f8f2951b7f039dd6d49a21ad42a75

SHA1
7b08d12dc9a0e8979da191718974469a429ac2f7

SHA256
c21c935f8c90c3d4f76e1424b18520b0a083bd01b04c8694768e3ff8f4520088

SHA512
c9262ad93dbfefde02efa0dfef06466ff2a751ec0fc0ad0af0da5b5da4a644128806ece39705686c7eef06f4998dfb2e117318be16d4b6e5724c76ff3300940b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
e4d270abfec3633c17b6c90691f817ff

SHA1
ecd594c87768658b0096b0429f44aaf406b783df

SHA256
6e837423cab959447b93cec2a23737e8820ba27d9e26ec50bedf5fb78b65e70e

SHA512
e690a266199c6682c6bbda63efe6de4857da9826398cd92aec9a97b8cb8013bdf5cfa6cb766ed7287eb73ab17ee9cff7c9a3dd54532a24e8ceb3cf802f2d77c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe596fd7.TMP

Filesize
72B

MD5
2514351c792769b6de3c03de4c4c3978

SHA1
c4346f93b2e1e3b5bbf5f9d286a12187dd77cfd7

SHA256
fcb17b28f6b0021363977c006fc464e7a39689a2441b1ed4c99a8a1e3586736a

SHA512
c439af7ee36be9bdd5e67737b51f678ac4b1673cadf14a61677ae777385142f08a2a09dd3e28086fd2741438b3c43aeaebfe4f6f567e3851e249be2fdc06dafe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
649fc7bc0d42b8fb674113242285e436

SHA1
c759cb0b33c4ab4e36329a70eb0ac8090c524f2c

SHA256
d8e99525b6380fa8e850a5f386a25a5d18668c46cb867a89ad5d3f5b209cb43b

SHA512
cf54dec9434e3e15ba7ad8402d91c23a58f226a9a28d7fa3dae17bef665d573558239ba9de257cdb48aacdda1a73daeb2038f5127dc9a2211947858cdcba7640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0012b15303cc0a3ef3d08388d5132493

SHA1
59d7bc7a1be0bbce9e521efa8059c85aa44d2975

SHA256
6aa803d3eed73f55bdf08fbe8f29231facf75dad4722a2b4e0a548f336be8544

SHA512
535fae61c5f32f0fbc151abef1c7bf5010aa45a878d3a28f45897bb6e553ede5e3aafe3eda6f2cf775fe075d0bcd5e9eaae070f9239d293c31c4dea5af2428a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
04acb5de1e322aec283f123c341171eb

SHA1
b52a4125d08758a74105748940a70b4d1852ad47

SHA256
e872cc127235c0d27a652ae49c80a85cca7b73d3c061d2afcb83e9173c235184

SHA512
7ffec91be177aaae70ccc95d3fead8f8ce287b4e648d69b130f3c1ef64940a8225821d31c2e9d3d3df49769b75bc3f31a3e42c80c25d7fae1ccb2c1796301c14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
21f752b4546b265b36bcc20020001938

SHA1
7c34f7fec5a931fb9f9378f0241fbbcfa90fa8ea

SHA256
ae812d8c8c8e0b5a6bf7319abd64bd072c192f2aeadd062337c85df174ff302f

SHA512
61171e0098dba9e4791daae7a50076eb7ec541228ad42a6530456753e5cd36ac5e4f8445352aecebf444bcf8f136426e4500560661213eeae9c9ce9ffc44df60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
50a8c11fcc6cf272dff9c52edee65990

SHA1
1e3d0196e164fe365154f908742a4333bccdbefd

SHA256
cda47ba9e091c2400600b7a680a772fedcb7ce9d74019ae42a114b1f1076f9a3

SHA512
945068a8abbce5300c2eb54a55ed8cc4c493fc7f537280087de044b6281b0de746ab81451b8d36a518987aea4f5ae6a9c51350d73558e8b131a8ea7359b6846b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4d02c905a773c3741c9050a247238bd4

SHA1
3fd695163c032589b9fa516e422b4db5df908e0f

SHA256
4f81677cb1624e54e7cf0dc642f236e4542f53494d0716ff1171171d3c9d83a7

SHA512
458d834c5db231db5f81d6bbc1290c5fce3774063738085fc4668579947364c4f358fddce19bd49f9eebd22dfe1721a8db0e86e9b2ce7e82e68e82a182b15f62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ddf0a0ccc549d0d56f4e12ff19c29129

SHA1
4d11e203493861b72ea311fb045793dbb24e035d

SHA256
4aff51cb5ff6e7bcb8718663e63c47a287aa3525df51aa5ee63f2b0c72cc56ff

SHA512
3cda49d0b8960f989fc260b4b302d8c75ae4da23f2b7f008e6b4a5347089971851dde79a456996da9d93bef7eb3a9c7965edecb9530861670a35ffb6100ca9a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b0f4ee9ba34c5639fd40b927712266c2

SHA1
347a1d0094f827027b63e5ddb12223ca93b32040

SHA256
7a97f0ad8fc6706a5c0c581045974b7bdfd2e5297375f14b721998a6d12a5b40

SHA512
68c39ad95d66e6c430754dcd1546735fae9e547d2036c819f87f39d95e89c90f3fe816d0f1835761d1074e5c5dd9414ca1e23284617a3fb7172f732961b6e967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
ab44a460d65ab48c897b0a84eef46926

SHA1
79637506dcf023bb6fff51e493afe7e64e88b8fa

SHA256
0f7df0cab0be5333e7238106467e3ed0a75017d96d6a74100ad0d0c350131a70

SHA512
21ba5a9e2f954b12abbd7b7e695f924d29878f0285ac43e779025437cd9acdd6d640bf3a9e589af20dc66b55c4cc3eafff333cd9a13a91590869007c6dfc7d24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580b55.TMP

Filesize
1KB

MD5
6d76450111a814a0e58536af26d44b1a

SHA1
47cb14310d54f81184581016400b201acad67ec9

SHA256
953b4ab36c93cbfabc255892f478f2833e505e848dea54375942ac21f11d9956

SHA512
6bc155e2b16e1367b68252f913d86e43bd8264141e2752c6fcf2bd01d1a13187cf9dc63246ba883f6f7700ddc2a7b09858b8e879e3a0111530504f4416eb7299

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cb6c914ffa1eaca5a36f9a80b9ea24da

SHA1
eb8ae3f41f5e39959b9b856bce9ac0644f7e623e

SHA256
9d4ba9e67304c9e02565ce70f73b50bc98e979d5fa5a61b55223bb8c87bcbbb5

SHA512
5056ae7890e8a5e5c9f2297f6c08953bc2d04761b8974d031fade60f86df890ef283fecfa9dbe230474165eaf0994eb6935f1f235288be12d8f3b356e6e4567c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
3182f8b205e364e33d3a0e88f8cf133c

SHA1
e8c48a38749aca4091973cc37d5dd2ddaca62afa

SHA256
a83abc50c1fc0680e7b205c411c051e8ac93ee0ef358ce0d88b0ed81335c7455

SHA512
c2ee6e37f4e1c452bec495625a3ad1bee044990cfb2f1438c16efdc99cc08274bdc3baec8cbbcac3783267d7e1090ab8e610ab6efd2233d241995c07a8ab5089

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
18e4a6ccb42663099ffdb253adbe89a6

SHA1
bc0627a985ea0228a951e8c52fe02ec63db8f33b

SHA256
1867e7e27cad7dac4538355c537bc931e0f24641d7abf289831371b9f9096cd9

SHA512
a0cb6f0c9ff54332a7fca5a8a0d5d185f0f6d4ec5e75bc6b82ac09c12d96590f0d8e34efcff3c58371eb926bcd1d343ddaa9991ed17cbb3a9e47e0bc82128219

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
cea64cb7b3c034b3e5b88ab69e58ab5d

SHA1
21b7cb96e681fcbc44b312e4b4ce15f7fa0b83ee

SHA256
d05f49322c67a0e647cb78c5208feeaf14ffd81cb439afd4f430d1fef4437484

SHA512
db12ca5e41511ca34fb82a8f9e8dbea2324753585e03c1e8e1d45fee269bf2160e6d59830491a5fbdb12cc0a00c4827710b7e04b942038188195f972ad381ef3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
e366ce151fadfb48756456c88941fc45

SHA1
52720f07866874b99cd2bfd9c05900618840faa1

SHA256
94e136f7752c751b1fc46afb3fd9c0df02f6a46fc495cebd53ee31c4405ff702

SHA512
81434c1b08d1e1f9593d7cd788978f610a654bcf8c2dc3aa6aa2a46f4eeba4dedc0e51cde48e04b3b38562f98b7314ccf9b21919d36765f89f23bd670891e4fa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
2a47afcbe4549b8c8faea4e78b69218d

SHA1
c152080622749519ed05ebfc880ecbe0f088b3e9

SHA256
c2537bd4400fcf48f667e317ae2c86c372110868d1c8f223903fd85e7f7f98c1

SHA512
e4c5bc62874b23fb2c601cee858bbff2e028a9b672fb565195b58d215ec274a84680789c3d590614bcc0e58413af2b1c0fc5ed9d6ad6428d931b216d587db47b

Download Submit