hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqbUF6MDNuRUxtcWplRkppTkVmLVZZajMwTkt3d3xBQ3Jtc0ttS29KTGZ1ZUxVUS11UXlUX2w5dVkweUtOYWhJNW5DelhrV0luSjBQQ2s3SnVaMzFwNEN6YTdsd0ZCUGlGbXlmS0lrcFBqWDFpUmxfXzFjTTFPMXJOQ0t0TkFHZnRoNmFmM3JwQ0ZDT1FnLUc2czFTOA&q=https%3A%2F%2Fwww[.]mediafire[.]com%2Ffolder%2Fc4mb1oen4nvus%2Fch3%2540t_hub&v=teCySzavR2o

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/04/2024, 14:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbUF6MDNuRUxtcWplRkppTkVmLVZZajMwTkt3d3xBQ3Jtc0ttS29KTGZ1ZUxVUS11UXlUX2w5dVkweUtOYWhJNW5DelhrV0luSjBQQ2s3SnVaMzFwNEN6YTdsd0ZCUGlGbXlmS0lrcFBqWDFpUmxfXzFjTTFPMXJOQ0t0TkFHZnRoNmFmM3JwQ0ZDT1FnLUc2czFTOA&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fc4mb1oen4nvus%2Fch3%2540t_hub&v=teCySzavR2o

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
4864	msedge.exe
4864	msedge.exe
1728	identity_helper.exe
1728	identity_helper.exe
5832	msedge.exe
5832	msedge.exe
5832	msedge.exe
5832	msedge.exe
8072	msedge.exe
8072	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3872	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 50 IoCs

pid	Process
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	3872	7zFM.exe
Token: 35	3872	7zFM.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 4364	4864	msedge.exe	86
PID 4864 wrote to memory of 4364	4864	msedge.exe	86
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 3572	4864	msedge.exe	88
PID 4864 wrote to memory of 1400	4864	msedge.exe	89
PID 4864 wrote to memory of 1400	4864	msedge.exe	89
PID 4864 wrote to memory of 1216	4864	msedge.exe	90
PID 4864 wrote to memory of 1216	4864	msedge.exe	90
PID 4864 wrote to memory of 1216	4864	msedge.exe	90
PID 4864 wrote to memory of 1216	4864	msedge.exe	90
PID 4864 wrote to memory of 1216	4864	msedge.exe	90
PID 4864 wrote to memory of 1216	4864	msedge.exe	90
PID 4864 wrote to memory of 1216	4864	msedge.exe	90
PID 4864 wrote to memory of 1216	4864	msedge.exe	90
PID 4864 wrote to memory of 1216	4864	msedge.exe	90
PID 4864 wrote to memory of 1216	4864	msedge.exe	90
PID 4864 wrote to memory of 1216	4864	msedge.exe	90
PID 4864 wrote to memory of 1216	4864	msedge.exe	90
PID 4864 wrote to memory of 1216	4864	msedge.exe	90
PID 4864 wrote to memory of 1216	4864	msedge.exe	90
PID 4864 wrote to memory of 1216	4864	msedge.exe	90
PID 4864 wrote to memory of 1216	4864	msedge.exe	90
PID 4864 wrote to memory of 1216	4864	msedge.exe	90
PID 4864 wrote to memory of 1216	4864	msedge.exe	90
PID 4864 wrote to memory of 1216	4864	msedge.exe	90
PID 4864 wrote to memory of 1216	4864	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbUF6MDNuRUxtcWplRkppTkVmLVZZajMwTkt3d3xBQ3Jtc0ttS29KTGZ1ZUxVUS11UXlUX2w5dVkweUtOYWhJNW5DelhrV0luSjBQQ2s3SnVaMzFwNEN6YTdsd0ZCUGlGbXlmS0lrcFBqWDFpUmxfXzFjTTFPMXJOQ0t0TkFHZnRoNmFmM3JwQ0ZDT1FnLUc2czFTOA&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fc4mb1oen4nvus%2Fch3%2540t_hub&v=teCySzavR2o
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6f3a46f8,0x7ffa6f3a4708,0x7ffa6f3a4718
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6856 /prefetch:8
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7948 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8144 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8148 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8216 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8500 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8508 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8640 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8772 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9388 /prefetch:1
  2⤵
  PID:6252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9552 /prefetch:1
  2⤵
  PID:6260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9672 /prefetch:1
  2⤵
  PID:6268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
  2⤵
  PID:6524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9764 /prefetch:1
  2⤵
  PID:6692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10036 /prefetch:1
  2⤵
  PID:6956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9044 /prefetch:1
  2⤵
  PID:7032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1
  2⤵
  PID:7040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10072 /prefetch:1
  2⤵
  PID:6308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10780 /prefetch:1
  2⤵
  PID:6628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9880 /prefetch:1
  2⤵
  PID:6744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10920 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11020 /prefetch:1
  2⤵
  PID:6756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
  2⤵
  PID:6232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8028 /prefetch:1
  2⤵
  PID:7212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9940 /prefetch:1
  2⤵
  PID:7292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11632 /prefetch:1
  2⤵
  PID:7300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11828 /prefetch:1
  2⤵
  PID:7380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11964 /prefetch:1
  2⤵
  PID:7488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10864 /prefetch:1
  2⤵
  PID:7572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1
  2⤵
  PID:7680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12416 /prefetch:1
  2⤵
  PID:7752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1836 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9884 /prefetch:1
  2⤵
  PID:7852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5784 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:6712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,16104623313802959245,8338706457575392369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3888 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4016

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:8060

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\lnchr_ch33tHUB_lat3st_v.3.2.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:3872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9aa68e61-890f-4eae-969f-bdcb7425e7fc.tmp

Filesize
6KB

MD5
4760b9cb9d4b2e52804f6ede308deac8

SHA1
3f9c2a368616a56924090e51e538f2a9cc0126f7

SHA256
3b5054e05eaca6a01e30f8347a2cdb33482117616459d141d64912e928cd3ad5

SHA512
c445d876a07828be18b6deb115531fa38f397f24f3f12d1c38d6b82a2f6b4ecf4f0c4553e06da8e7f9a78efb419c2241632f7fc26c1bfc24f1383b79d4a42c9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
62KB

MD5
74c240d81e71ae376913677111b6fc7e

SHA1
9002418d668b0b5c3541a86fd6195693384b9fe3

SHA256
e0c7d5f46ac580b10c72b512709965137f941d206ab0995d13a77a0e3f5055ea

SHA512
66abaa43ad96f7466d1affa8bf039c90d2bd6fb64898e506fe0889ddfb3554d89a1c3e9f652724cb791c5c104ca68879e8145064173a09fe2580e3fa4fb9b64c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
31KB

MD5
c30d2da9fb20e32f49471c06ab0b4683

SHA1
0d1aa96700760ed1564756a24a0eaba66fa27430

SHA256
28c0929af10cee967c8c4b07c6e0cffd475fd6b02ee0fa430d6394c80b8fbe1e

SHA512
431314c00a7de250551d1015b256bcdb50859d43e86729a8ef72470d619a5ef146e6cd74183dba953e0b30e6393116c48aad1b54323905ccc795e831c1c08720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
19KB

MD5
ce2bdc9ee291575700acedaca2d1a2c0

SHA1
817f29c93540b36b63dbec76ae0be774b6d2f4d0

SHA256
1ee77085d6e13fcdd5355d7167157d4671e3d3d96f75164d95dcfa6318e86d07

SHA512
0736e870fbd29fd1ff93a65cc07fc148b1350126d778b989570cdf01316b7eeebfafd4c3932dfd885d95c325e2a4664bcbeebc10f3b5e668bf164f692778fbdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
19KB

MD5
d99a122d7cb17a0759f9693e8d105bd0

SHA1
9321bba75c561fc3c43aa28b2191a0eaedc76d5a

SHA256
8db37aed80b8f1dc10aa3a9d81a49a79a68d17c76406a0e0e8909e721d9f8668

SHA512
f05734fbbacec02251affb9850db468ee1840adb67b8213a816a2893afb3c9bd95dc25b7ed83ba93158efc718de5d41cb3411074de6da52441733d6ec1aff2f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
24KB

MD5
ade7c67086ec296894094a74fd918d7f

SHA1
a047100b5de0521c2667591d11d090dc1a34b9c4

SHA256
d60b1a53615a2728d7e5cd29ca5c7e3ed981b67a6a48a2f97541df1079778d9e

SHA512
2deb11aae78f63cd8f481c2cceecf5dd5dec1a840bd4f151cdb7475df4124fcd8d68981df6fdd253c0f937e98db1a1bde95ef0428e30b3626909aa262b54f4d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
18KB

MD5
0ceb759015a6df090ad355231fdb39f1

SHA1
b947749baab5bfa0bee35d31e5a5050d4beefe9b

SHA256
db71f8a28ad8501544fb4e7668e3c6d0b731760b6f20de3525ebaeba597f1922

SHA512
48a93841b147af84f9419154fb43e23adf7c0afb9328a4427450d82c07220a4f55b08991361bd8cd12a1372de8333ed21a8911bfe372e90973d3a8c166b1e4d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

Filesize
18KB

MD5
f9b6356e32a9b93ae0f1c23aa537f2a1

SHA1
0cc73519d7b7fb4e4268727490205df48bd570f6

SHA256
fff71a83690454ee6ea9014780a6797408918cb90cde1f0f3be65ea28a03c678

SHA512
b0f81aaed7ae3345c66d39a184b7311b60ec65b08fbd1340e8094407bbc5cf4979ee8ca56436b219dd286e62f03c04e2f58df297cf916f865d8827412d1be2f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

Filesize
17KB

MD5
9ab23eca2a83f0ab5f26b07d51e7f35a

SHA1
2765a911991fc9481f5903112644bd3366d01ed7

SHA256
7219c2a8c9bfeb5203539577d0c5e9661a30f3bfd8b7aefcfccaf22570254075

SHA512
ed5f2f2a2e9c82fbef81bd75c6f6e9cef6efcf3442d3b9f82157a427b1b14273feb2ad2d149dd2e78d40ae10734fe1b99f32a70a288466a5722cb7ee3131fb65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

Filesize
23KB

MD5
4a1b048127c7eb464883f37fa7b8c44d

SHA1
9f5b89a54b2126609841690e1948c4eafe9fef92

SHA256
d0dfc2fb87a4e0df6f159aea912ea1bb100805439ec654e0e6190e2e6e8b38fb

SHA512
a5911e30f5b149766fb94fdfb0cbc74f316799c7316833a11cd2fa866105823768fc3082e51d0ba9785861f3146b1cd1a1819cf78800f33a38f852b49e894a9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\70716a5661b2d92f_0

Filesize
268B

MD5
6fed7fc3dedabb71b8ad9cca3413d98a

SHA1
e8915f9d3d6027659bb855f3ddbbe289ca4c6fcc

SHA256
bb1c502fb773422eda262cf954be6592035710bcc9110833e09bf0941f191045

SHA512
958d4536ddd7d8fc8d58a0703d7f091f47dcda1424209e9f973ef5454dc8dc70dbcd88855f4f869790121e0ccb2bb4ae333f3d27298769183add6f527adb070e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\89350db8d43de9f1_0

Filesize
14KB

MD5
7e9383613cdf980982bd809b4a63d0d5

SHA1
5ee71fc029d060c727588e48af4a904e41ba37a3

SHA256
a9759a5ab90bd5318bc28df073988225c152a4470c0b764535f2268f2e0b959b

SHA512
9683542aef6910a365afeddf0034edc4f3e99fe4624bd5a3b903fd1d11e52e205ac6b78fb90ed71095122d4b3a791b9f95219a998d71628831d8a37e47a78fc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\afe32541cf42f4ed_0

Filesize
339KB

MD5
c812a0b0f760944b7d2717332a693744

SHA1
6ed1f4f580ac14812c4829b0da42128563fb62a4

SHA256
c0f33fa71ac6090923dcdc518b9d49d8adb8d624134126c5d3c99ad3d438c0c6

SHA512
64f26e71942ddb82ee6b59bfdc9a547e99276cb020f0be606448d9e9fe899b0938797ae62958bba191cc35a8c5b57ea8bebcdc2f70a989210d873a9460991405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b65cfc341d8313f9_0

Filesize
157KB

MD5
8c9cf9ff8523ee27b6f6fb059acb2369

SHA1
070b8d24a93fafe97596443a4aa89b259d15d496

SHA256
704c269f80b3e45436f30c58adb8fb5a135f00afcd6516af6157fc94aa678e8c

SHA512
a05990a1e20fbe77f0f7718a4fdf685da2643fb4206886b1b21d6b4e0b24bc6bdf066852abf68485829921cc0376d636d477d8c200929afa539db80ae3986151

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bffafe9fa03e4fb6_0

Filesize
52KB

MD5
7b991463337712e4c1b1242787588cc6

SHA1
f6abad828c50b0c917b8f5644995f39343663fe5

SHA256
7f6d01073c3a6f0f409efa157c3faf30c1ff2b8e6004a8d814cae3d0afeb28e2

SHA512
82ebe0c5db5eebe22c456ce000fbe37ad8780470389b937aa136a89c5570e99627575e0b13b2dc486171a44dd4ebda0688ab492893a619cd403ecb92d9424274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c0a9315a9425c512_0

Filesize
278B

MD5
814495d2a0a7cb430fe0048c294d22e9

SHA1
e1e5f296594147f20dc1bd7054b025451061d753

SHA256
4c5e3a5d3ecbe2d7ecc5bd301eb1c0eb300b6e5e668af7e49f3df920c4b8f07f

SHA512
4e7aa99efeac5fc72a6aec2b331e9c929cc0ae475523f62466f756286de2a32e6ab1402d45797cbdd3c156b09c94bf809d30f4b23169567ca7bd1c24ee64aa6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e098a896b02d6091_0

Filesize
23KB

MD5
d6b19ed3fa648cc54aac80f13787fbaa

SHA1
1ad16b69cc1ddd82b91fdce15ca1c0095d6aa0ea

SHA256
7f88ad3e408e986e16e6332c3d1fdc94688e0d77638ef2997b80e86b3f4e45f4

SHA512
d61e84ba0ab4e47a4c55e428b7a4f022a499830a27b09a489d6c41c8190fe3f46356a26e502efdf7fa795f497ad49d8ab6bbf907032029dab5ea6f3ef2a17b79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e6478071939142f8_0

Filesize
54KB

MD5
2d667f3edd60ab493a023b4aa1c37c25

SHA1
a9a0139a4708200cad05f42549143eb49f81ea1b

SHA256
a374963e3ab179609546ecd3a4e7b5436beef2f6178a546e2f4bb5fed8e836ae

SHA512
8f2864bca53de6207112f7849b3bd4046ff12a9d6d2fbb1e5ef7fe2d7fe0992a893316531eeebd9608dc3db5c46a9152cea221fdc2596796661096790e64ce1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ca69d0caed56d44ddd8c19b05ca2eece

SHA1
568e852c13d67bd9834b10c8dd072d2ed30d2740

SHA256
1b9c6137b40e5495c6706391615bc2c16141c547718b95b2220f6afc83f33b19

SHA512
2eb347a0eecd561b12f635887e0fbe1d3bd74961ef8fe146f5bc3fd7388a08c29343172de1d079e246cdf5ddc3cbe7d4ff207912165f5cf8fe1039347d5a881b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
bd5e5b0e83ac3d8d435fab9a3db4d203

SHA1
a34ee2f14c5a278833531320d56bde63d50d8383

SHA256
48f139c1b1e613ee030175fa8857a7f4dceafd0488bdcd74dc89864aebc609e7

SHA512
23526fc4f4c2a180ab98087bdd8fc27922cf71c82369b23fcaa9d013a0b5f231875f71db5ef91e9f4bae9c21d0daeed48fcbf5da57fa94d2372cba0500044368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
dd506db74e07254a6db63bf622ec46c4

SHA1
edc26136f4db616c9644907c2af9878a851afa72

SHA256
39b8fd1499458546f5116ef42ba7ff8b5366b88972b3ae3a895cc6eef10853bf

SHA512
76cb3defe491c33de7c3f820c9f5df7e96639f6ef275a2165703ceb2e53e0459b10b36584a00068bac222e9e0b90697134b5a25e8aec7772cd8736c09cee0870

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
282e6ac4d2cce976c7c497de9097adf8

SHA1
3f78d6ac5383496195d971f3fa8184bbde762d24

SHA256
25482a81062aced0a0eec018504e995882eca08670e64f373aa276055effb1f2

SHA512
a40f826840d0cbdf0375ca733116c26176f04d3fd35f79debfc49459cb890584e864948201d4f17d36a16de477bb93905b308cda653a32747556ae81beb64054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
14KB

MD5
8ef86fed30e0d2a51424b8442a1c3141

SHA1
d715a762f353ffc07850e3578e7798005d12ea36

SHA256
b372e022ec502f8402ad66f96ed14c02d8def90cfed0a628b8bf9d781f3ee8fc

SHA512
2406c41e4e55c98b52e44e8e566f1b2f0e37ed4220893d46e54ad83cc0513f5d56f5872b73731a3c93c18c0944275fe14ea0a2feba695c82f8e352792660614c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
7268ed104137f13f5474e741abdd4b85

SHA1
db80d1459afba88c41e349ed4fa86e00814dba87

SHA256
f0e4af4998945f9fd25581c36b3dd649765e01088e01c1c682a9551671795639

SHA512
fbe868d31e660c48b900ec5fea2f83b8b53bc23dc7b9f30f8401cb1b4c6cbc5c26c7647cce81f4c6cfdd843a34eb84f64bc47c41e31aca2072b8a7fae85ea369

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a752df86d6a23dd752ffa3950c92534

SHA1
42c06fa36c031b0e580439472be514ffd343de6a

SHA256
9d99d64f1fb52cb49eb60f1326d08e6db583ab48febbd619c1de5d94bd431146

SHA512
864e6fb21c3a6ea6f6dd8adb13826d66665d6937a1788c14ae34476e4bfb6a6cc38dd6e0b030652403f95f54556055fcaf096ddeff52e8755aa0309d58dd1486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
675215c5de0aa09f6653da3e32a732c2

SHA1
547412590143aeac0a5e8a00f8b9d8212c1d5834

SHA256
7769f3c6c9a5d0fcc82978b90c621db3879c21c355fe5ef0ec1e5b7394c16b11

SHA512
7c64fb24d745462e411c1964e3a1f85d6f9c40bb80b482ae117313ea030a9832e8072c60a1300f5f1e87dc03884a3de70a60f4ab77f8568a2e4eca4997963678

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
6cf9cab838879a16d9493fbb1c5ebf78

SHA1
d39071001254012d48559e1e52770f3c867d3077

SHA256
dffcc26a402dac40cc6ae217c5128363c7a4b7f1da3f09e97203dcdbc6fe6320

SHA512
b059fe107b8c21c2c17ca575636da8ba51489de66c560dc8ca8c6a66edb7e32281a91b18ca39be888aa9114246e43a7dfca22744b71514e6faf9312e284c3161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f4a36055f715ad7be1d653cdb575249b

SHA1
bfc76ee3edd2bcb0db0f083c49bfe98618a52325

SHA256
b7831cea6ae5e612064903cc1c1d232ee1b85866c6fb9e950a94e46a2de4cce5

SHA512
be241079c20b0d09edde8ebba28ac7c516a4174366f893ac4a672ce5bb23b7fcb58733a9e46990bf2929253bb8a2ab81d266fb2aae5a7340bba899b2ce88e4f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
d039d4e706a95bae5b95a09d9d0ecca5

SHA1
9537adcd81935474a71bbf4db9cba16bc629f0cf

SHA256
5ecb9326d3b0248ba131efbcd0c126d111d8099e32e390a4c86e8db979e46f94

SHA512
d843d69a144b00cd2a6e02acbdc0244c3445bfd1b74d4912703fbacb4d8f9839b3d27061a88ed284ce2cd5f3c25fd67dccf406c8ea9399254b472df9e5263b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
880ba7ba0143eab0cdf81f5fc3f03533

SHA1
73357429cfa689c36147103b1cf6884349d687fa

SHA256
dba4c7eded33e054d1f79db2913a51629064a212622453f7f528c418459d24c5

SHA512
a059ea768ceacd3bfd8a7c075f26df977a4d156cc52d8d876ae2da5007d2f92fea08a6c3f88db9790482106d41a188d0c5e1256a013d94ebe032b0f68e597d04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e99e79549f824ce8a711557885f788cb

SHA1
bf63061b34ffb9c081ce4c240f63dd489c321783

SHA256
f48bb49c53768f165f73dcacb7e40cf59f4e07adcc9f627e108477d326712f13

SHA512
1c18eafe9b6c47daa8fe49e6fe77a7c9b3a780aab70da59b1e20ebe3ceb7f9c4937d7fa76a508a92465ea18cf3b291be4b255ca1af93399bad3118d802e5be45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f700de51fbf2f4b6656d107df9633354

SHA1
01065aba7e53a1d7e0991e40c28afc04adb814a5

SHA256
0d1632ba753d6fbaca793f05e57ed2d9c65cef4208212214ebe05c6e13274d74

SHA512
9b440c72335f5195710de624bda6a0a6265b43f534ada9abbaa506a6b55621cd50f08da3cf9ebcc5f2db90f80393e049f75e4ae54b6271c101b5cd368cc3e592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
2356f3155969ff4ca024e79764eb8ba0

SHA1
77b7bf406352b86a5d57090171ad90fa904824dd

SHA256
3e40b2b92101d05bd4d2fe89ee99f3445d366e6b9a0451cedf410f04875ee74d

SHA512
ac13c89e1cc218e44ad03c9e9fe02c07f9bd9dc7501d8a53b2114df03f85325940f2a75e1e4013384505148e597a6c27a77ffbe8f13955285db0bae5cae94eb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5791d0.TMP

Filesize
1KB

MD5
93ed93d0d3f629661289ae1b358935f5

SHA1
2aa3cdbe11ec50134bbbc2d77d2496e7723b4e14

SHA256
3c0beee0b7ca06f57e86fd3ffc897f1a577a476e10867725f07034cc6747f6f4

SHA512
b6f31010fc02daa15afd4bbbfbba77a919b97901ef3fbc2d64288c29823520d71731cc1c9955b80f1145f60dd495eb5092959e9db47a9635d77fb848433ee6e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ef9bf59fd8f43ef61135b9ac73c1251d

SHA1
07dba626adec910b31ee64d6f0991660f3ca9bfe

SHA256
8842288c6e1598dae0c342479873f6ed11f2e7406ef7aad70acdbb159b8c1d52

SHA512
a8c786a7ba6597b7e1129d55a66d44666fb14191e4d0aa3cff9d6cbd1dbd5270cac88493cfd8d46cec47540b703569fa89aaaddddc1f9e07d58037c67b308c8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9c2eeaac129dd337f8fa40e6aef79028

SHA1
a000bdc052e0d86e108018a055c13731ce9c8d50

SHA256
21d4884e60e9a097c4ef8ed1aa5848128a325a054bc80da78f7b2485b1b8ab59

SHA512
8082411c8c11e10b69efb55bd71362870f148878613799a6987142c8954206a1be6910b3a14f0742892528ff50806d757648bdfd2b470b16ec3f2e45f25f3689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f17d1d7497ccd1c6d0ffa1a44e06d44e

SHA1
6e4aface2255aac397d6058cdbd949b29f42adef

SHA256
22dc4137f3aa8063a6a9e19a8c3f057f22c6d0f113a38a86fd0783f00d052a8a

SHA512
ebe9baaeb0867e033791257a8693d068f6dd423795d2b06b80a2a66686de7080efe97cd8697b29412843cf150682d7d393a4f072d13b6999930cbf9e191af606

Download Submit
C:\Users\Admin\Downloads\lnchr_ch33tHUB_lat3st_v.3.2.rar

Filesize
93.7MB

MD5
e7b133924beeb1fe3a91e2900945e37e

SHA1
8e23dab2dc07304d770624528e89b314dc1439aa

SHA256
2e1a0de86988418c2b92b9c515a172a2c9702a1fe1f05cdce0442f8ff28e77ea

SHA512
e364333b36f49c3277809d5d64532a7521bbcfd3e288a24fb6abe314ddc912f4f0273ac998a6323d81c5a5687226dfb751cde2d2315fc6ce5641ef36b472c075

Download Submit