hxxp://youtube[.]com

Analysis

max time kernel
148s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
26/04/2024, 06:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youtube.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2718508534-2116753757-2794822388-1000\{F4157FF1-577C-4070-8C7C-9DE88C4E21EF}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2116	msedge.exe
2116	msedge.exe
3580	msedge.exe
3580	msedge.exe
4736	identity_helper.exe
4736	identity_helper.exe
2852	msedge.exe
2852	msedge.exe
3532	msedge.exe
3532	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2364	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2364	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3580 wrote to memory of 5080	3580	msedge.exe	80
PID 3580 wrote to memory of 5080	3580	msedge.exe	80
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2804	3580	msedge.exe	81
PID 3580 wrote to memory of 2116	3580	msedge.exe	82
PID 3580 wrote to memory of 2116	3580	msedge.exe	82
PID 3580 wrote to memory of 3048	3580	msedge.exe	83
PID 3580 wrote to memory of 3048	3580	msedge.exe	83
PID 3580 wrote to memory of 3048	3580	msedge.exe	83
PID 3580 wrote to memory of 3048	3580	msedge.exe	83
PID 3580 wrote to memory of 3048	3580	msedge.exe	83
PID 3580 wrote to memory of 3048	3580	msedge.exe	83
PID 3580 wrote to memory of 3048	3580	msedge.exe	83
PID 3580 wrote to memory of 3048	3580	msedge.exe	83
PID 3580 wrote to memory of 3048	3580	msedge.exe	83
PID 3580 wrote to memory of 3048	3580	msedge.exe	83
PID 3580 wrote to memory of 3048	3580	msedge.exe	83
PID 3580 wrote to memory of 3048	3580	msedge.exe	83
PID 3580 wrote to memory of 3048	3580	msedge.exe	83
PID 3580 wrote to memory of 3048	3580	msedge.exe	83
PID 3580 wrote to memory of 3048	3580	msedge.exe	83
PID 3580 wrote to memory of 3048	3580	msedge.exe	83
PID 3580 wrote to memory of 3048	3580	msedge.exe	83
PID 3580 wrote to memory of 3048	3580	msedge.exe	83
PID 3580 wrote to memory of 3048	3580	msedge.exe	83
PID 3580 wrote to memory of 3048	3580	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youtube.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe964a3cb8,0x7ffe964a3cc8,0x7ffe964a3cd8
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3984 /prefetch:8
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6308 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4564 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2824 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2944 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,15590244157604921373,2515799973454685535,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4424 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1688

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004AC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6e15af8f29dec1e606c7774ef749eaf2

SHA1
15fbec608e4aa6ddd0e7fd8ea64c2e8197345e97

SHA256
de9124e3fddde204df6a6df22b8b87a51823ba227d3e304a6a6aced9da00c74c

SHA512
1c9c9acd158273749e666271a5cdb2a6aebf6e2b43b835ebcc49d5b48490cbbf4deddef08c232417cee33d4809dec9ddac2478765c1f3d7ed8ea7441f5fd1d15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e5a2dac1f49835cf442fde4b7f74b88

SHA1
7b2cf4e2820f304adf533d43e6d75b3008941f72

SHA256
30bd1e1bafb4502c91c1fb568372c0fb046d32a4b732e6b88ce59ea23663e4ce

SHA512
933ac835894ce6cb8aac0261153823c96b6abec955173653dd56e534d644efd03aec71acb4f8cb0b9af871962296ec06cd03e570a0ac53098b8cd55657543786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0c241adc-1248-4c4e-855f-0d0a373374be.tmp

Filesize
5KB

MD5
dcf7a453bee34204c8bec80335bbe512

SHA1
1d960066f72cca4d4b246e4e8c5b98a0beb6f5fc

SHA256
9e55300f8a1fa2b0d67f81b4eac69bf0d7a99cb6cc7255cb892f5d764c08c3a6

SHA512
2d38b06fe4eb9c20f7f7d360a0fb9230be7b2053a4562656f85fef260b84da59e215110f9d1ff38470fdfccb79fa9514c82d159321fa77bb51efae5746ee03c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
69KB

MD5
aac57f6f587f163486628b8860aa3637

SHA1
b1b51e14672caae2361f0e2c54b72d1107cfce54

SHA256
0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486

SHA512
0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
36KB

MD5
a1d025eab4ed4654dc67b8954d378937

SHA1
be884426a91f33ef77a71a85250ed66a02039484

SHA256
bfc8935b9a2b77c112efb79656ab3a80f2b127841e8eb7f3da925cd20bb730f9

SHA512
73df1e404c0bbcb2186728e574ba1b6a00ddca0923fd182bb0362bfd216bd4d064bcba2d3bef333a6e30e780bd8b93034a16cad4bed48869eb41895d2913af65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
1.1MB

MD5
798e76073abe579251a34ee1dacf9b3e

SHA1
7e9294eec6545c8e1bbdb7849a73820cdca2fbd2

SHA256
8657f6d3867c20699a230df7939c02ca5fe065db2efcfecf5d8d864ca4873666

SHA512
cf5d69395e47fd4da4de0019a77162736c38f88ef0dd803d114388fbfb139a66083f51bbedd8ab205ab5d41f8464a685f4e0f6b5d3a13f7b91cbb211de14c7fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
33KB

MD5
3cd0f2f60ab620c7be0c2c3dbf2cda97

SHA1
47fad82bfa9a32d578c0c84aed2840c55bd27bfb

SHA256
29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b

SHA512
ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
a4843d5962972095b288d893b5567261

SHA1
b73b5b5616860728ec989327d30b415a067c9599

SHA256
1797f4de327c2773eba7adb05b19901a83aa1f39db9c99f3b6a6e90f8f6cdbbb

SHA512
ea2dd51af30ddc573f83f33cba4dcf37b3fb4625c1c1216fd3eb1d1a00931a903bce6f3e275993c88dcced1b524cf3e1dd53ce12afa41e81c4e9955b29baa622

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
504d7b181ec25d510a092d1b4618edf6

SHA1
a982f7dabf72e902c74822e16d92aff686f05360

SHA256
82e1b7e89b1d975f41673ab902d73744a809b024bf206f435b3759d5007447d9

SHA512
21cb9c68fedfd0241ab2c3b7975397c85f3ceac044d5e68236c74b25585b761d5d62ad62304ce0c7d0b45fc7a52ae351dc19adf5140b966ada054f65c0d63833

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4d9eba02060dc3df351326993a380535

SHA1
593ec4c7358aa99cdca107de4a814156e383bcd6

SHA256
f4715855fffdf8af34e992cfabcd78fc3a1b606ba12bc0a03856a2a86f5e1a25

SHA512
98da518de31cee2648084e93caeb9984af4027468e9613fd2450bfa04ee97f96bcd7b9d21baff578d01bb1c259829962849c3cfce2d053917a9e49ac115e5a60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4c901ee930e12c64d0f371bb83acaa18

SHA1
fe4707a761655c8aa74cbfce56f07ae818400812

SHA256
9ac84f3cf04208087ecd44c441add9429a09887b33e344b30fefbbcc3f2e0c6e

SHA512
47dd59ac15f583a86e3d05dd84824cff0f759643367993dc5ddf50256b3ec5f8d9ccc1c6ec2439880d465ca7ab5a98e1d5b8d4b0f88594ba63b0d146c9d7507b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
a58d14e0d51abcd2f087935173fb6a06

SHA1
4615499b0f26791ae1691bbdf331d5707a166ef0

SHA256
52438b139654b5dc73208e207b5aaab77679de479ab9d1d63111aa9fcc4d9faf

SHA512
980df821a6e3935a0b394013e398f874d11f45d17f720d10746766f1cc75884e1ba27c2af0a29e3b8cbfbbb33f40af66288d68be819ef5c0f05bbb99b36d7313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bde11cb83440fa5b34c3f3339d5a21d0

SHA1
4ac8375dbc4bc4f137df4e71ec338106e06c724c

SHA256
43f4585eab16637d96337a050e2efbbadc9a33398ff6681d84e2185be91ca92e

SHA512
911ed67c81d10f1f05bc5a305f89ec5935e0ea9e9669c61891a0059854fc122054f642927c8d353cded33b626964c8c57ebc55b23c836c424946b66414e630ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
843f2658566e58cdc976a6b81fa5aa5d

SHA1
e803fcadd593cfeab2885329814042627c025261

SHA256
da2d51f83ee6c382765645c177acb872fa18e0e36a1ce1c88539cec6ac188de5

SHA512
4881f5baf017f84f3c86f722bd28f29772f5b76593be1828f6953e2df9a38786de4d7779334e9bb69d467bc9d362e2ed45905343226184bd88c412b04bc93b73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5fa10fc34975a46eb6ddac2f3a9d8587

SHA1
ca2a85b934e5c9f323e7cb06aed2f05ea553a594

SHA256
91e62ebf9592f611b9d39bb2b4a4a5cf69635b16d8293073759a44b92bda7f1a

SHA512
fce472ba7e04e029ac41b3fe9aa5cf925ed7fb72e92dd17233cbc59276be8266cc7c17bcf3a806f8ec8a456e981a0df845c5258e65c957e6dd86fdce0fb471b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2e7549d31faf320fd5d11431f865287b

SHA1
65c6b4282d4355721c7d1fc7c69c22c264e38081

SHA256
f4818f93a5b1b410bd0c9a6368df4f5b2b7f33fdd8039c66aa4c698af380e506

SHA512
3ed83e8081f9465657b5be15d721243688fdf960eb582f60138a3564cc8b79ebf56e3a576ad456dce078ad919b8106f1f6b447a74abf2b71f11acc3be88f9cf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
89a30fa194d843dc55eca218c8d18c11

SHA1
31a40c0c9addf85edec7a68154c1ba93b90c83f2

SHA256
6fbfa2fb490ea4a15e03ad03a8a4141311a93fb9bd382323f5eb1d9bb2f00c5e

SHA512
ee316d3077bb23fd1ec887b1956af21c5f7220d22a862d5f449b8f5084803654ecb5f32be95edd4c7e6d8eeb856ece9bcafcec2f139e284fb5c3611ad82167d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\361b3fa4-5f10-4730-8172-005ea02599a1\index-dir\the-real-index

Filesize
624B

MD5
636faf9e77043064b74abb1c3ab33699

SHA1
11244736923ee1e2c44acf147d6a6676fea9fc32

SHA256
e2f15e7eaa91dc997c59289f1256edba816e01ddeff71cc9bd91dc5c20f72d50

SHA512
0bedbd2e5e84754109e66c73c23c1605710b01a5f0f898c80160052151afc964816e0d778378042911487b6ebc6e4eb5714bede4296d313adffb9ebdacba3150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\361b3fa4-5f10-4730-8172-005ea02599a1\index-dir\the-real-index~RFe57a7d9.TMP

Filesize
48B

MD5
dcfbd49b93848558ccee9c64189f643c

SHA1
100f0ae8fe38d1b4d4e29e651418d60a66137d46

SHA256
a22dea41847711d60c72dee8efe7daf3e65664bb005b1436236ad4be6e6ef201

SHA512
edc6905c37e71a3f5e5dd6d202a1cfa791273584aa4c44989621f80a36ef0e8eb168eb294811d0a54d389b59464f23aefea9c65fc6e9bf4a433c472afd5e2b5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d6b99aea-c9c2-47c2-9d14-96e7423354a7\index-dir\the-real-index

Filesize
2KB

MD5
4602c362392f96dcb6bb151e897b185f

SHA1
285bf059629076a37543fa0a6beec047f9876743

SHA256
a9f91d087323a8a61c98d5d9d01b8fa3e144b86d38eb08eebe7123bfd62e8521

SHA512
04efdd457d6d61af453c831188c6c7eaa689348cb8c7d3e242ae9718b7ec4f2cd6f24341b7b1964a5305da20de7a3c02478a758d2f9900a78c861ccc3f85872e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d6b99aea-c9c2-47c2-9d14-96e7423354a7\index-dir\the-real-index~RFe57a49c.TMP

Filesize
48B

MD5
e6f2e9be6a883d3296ba791dbc2fc74c

SHA1
6ce85b4021a363df426b23dbb6edc262f99918fc

SHA256
268469d05348a419369292e869d82731ceac47ccf6804e69f754e0a4dbac5e5a

SHA512
a3254c132107e6296b596d7ea5d0834de9223cb37368bd54ef5efe9cf28d45cbcbbd6f9ab8a010d18848ceb7707e49385d9d4d9dacfef898d0a12476649eb59c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
ca73679602fd608ef1747770666191ec

SHA1
0c02c85e90a23ad549f27f53af82c49531272a69

SHA256
f3e931c8252eb5959d56f0a1df340c51206c9ac981c1b1f78c82be0bd04ee13c

SHA512
75dfde5179c2fdfde2c7cd669734c0c61d0e2a3fef4b17db10c533f934196abeaa8158458903b2ae36c942d61d4a5e54455e37ed7f3d1f83518d7584da14e7c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
8776780e79687d3e0c71dd71cf0a7518

SHA1
8cbe6933bd27d71ca699fa434f240611e472f494

SHA256
573a45ff54b351aa5a53a8ab5436d0a830ee81703e6e8451bf2695a5cc37a898

SHA512
ba3aaf4a0d35f3a75569d6cf5c6ad8455a40193efd7cff6b640287e26df5cbaade2fceac51815c426a69dae0eac09f76731f4297aeb45f3ee1df08fe9cc4090d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
beb8a3d7e35226598784dd4bc3a3ec55

SHA1
501752bb7d98beeec24e6217c3b3cc7b5a7120a2

SHA256
0b38fb7a9a11fc5874cad13412c827cc1afae7ecb9d034f1162e6c852f9f2364

SHA512
6ee016611db89e1797a6bbcac9feba4deb97f66bb1d9a8d7ae3bdadd8a2c6fd35630f8dc474de260a26db016a192f9adc8cba408a78731a7db83823379ca0f62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
edce91c8c0e9fab22388e5f0abcfc4ac

SHA1
927645b4a3dc9ff76e145e296416bae94799864b

SHA256
f5362fc4f7b43d2c1e1be23488324734d61b015d3bf8c56ccd6998fec1f2bd8a

SHA512
d61c03395dc0d3eee810c5e36ea5714eadf4cb263d316283e21c4e96fd6b74345ad12fc8a921e7a903974952006ac25a1a6baf848e5e8802bde4d2e652bda37e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
14bab8cee2ef2416f175e35dcef94045

SHA1
edc141be4153e9fb2c10d43a0b72080acb46c661

SHA256
85dfe9435782446c32d88ec756c11a51bf9194ae560c59d424e4fa47432f380b

SHA512
77a5ed7581eeb806da7f994c25eccecf50e9cf9c7043eed3905ae8106769282519db30320cc6a6b084fac35511d1d2e31de672f778bbc814070d9b3c75a50a78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
0594e207bc13af5009170897216af07c

SHA1
b161fed5d9e6a0b83c4784fa2b7fc4a1775e7af6

SHA256
1de8aeb0c837abf2aaa2c87d73c1ab2b5ed3a674f8446643eafe1285c4714a7a

SHA512
faa22bbd8f97f2273c2303a69c8bc2b21013c0730e51ef7ab06650ef5a6d980e5357015d3e67ac5cb211437556335ba864745ae2bda664369605c3e896fb1a69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a057.TMP

Filesize
48B

MD5
f9f9bd178850f93351458e6af1cefbd6

SHA1
c3daa80b449c39a32ce8238bcc2f8a0c8029852b

SHA256
aaeafd8f5a8419cb033ee514bf91fb64f47db24f5fef253da0dee434f1c42455

SHA512
a1ef4624abdef222b7f63bb8788af7b3a8d46dcc30dddbbcd5d356e9843881e75d0f03844b184ac9fd0458c6d5169e915cf12571821db6789e9eb5ac7a28116c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1a3dde43242a64fccf52503452deb9f4

SHA1
666e2a18ef5f7d66acff91a7510401b82f864555

SHA256
06427e245aa63e59b770f849d5d8a9d10416ccab23a566d5b3a5b9bce560c94f

SHA512
26f21d2d673315e20026ba8c635772ed3146dee3501c4cf77d7701e36fabaac93b37b54d30c7481d6e430e6ce7d8b68a7ac8c007fbbb8122305793564a347e4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f8188d764c2a47528e14278d411bcc1b

SHA1
e016a685222b15cea7dcbb2e5c36bdb52956866a

SHA256
89e7bfa55d67e9b0b13b8fa5f5a3681bfd8ec601e3b21890fa42ea3529b47a44

SHA512
46d4d96535a0f27e00504addc7832d5393d5c1642d9ccecab65bda23784b1fc875cf13f377f03e5ab1c9b936546e6620628e68e5c84694fae635a6ffdd1f9933

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
12c5987170225c7a7c463dd6460974ad

SHA1
1b64fc9f5c4fc183b90670ec6945b91f2a3830f4

SHA256
e4c4fe081dbe5de56a406a26cd81cac9101dd018cd3d0a6cb8fc32bbbc53c683

SHA512
0f3ec990acd42e945a3483b1c9027afa431c48acb9ff988f47ccf4d5c8cd6de9225e8fff38b52ed680d435dca783b4874f00367a2b02be0d7db5f67bd5cb2129

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ec15.TMP

Filesize
706B

MD5
c73171c082f19ea557a6abafd3be07ed

SHA1
fbe3cdcb0ef4af9d62942bfd4b4c67b33947e9cd

SHA256
f0f384e01856139d0ac1118eb63cc1e1322f8494b0022555b8564fa47f1461d6

SHA512
f7b4f6e64682a6a8e65231d24de0f27698efae797e6921d28271635a6967eb124b4c6934529991a256a1155b1ad83af3ec6c200773a1d5ca1f5994cc672b4688

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d1605557-32a7-47c5-bc3f-0091957f863e.tmp

Filesize
7KB

MD5
17827c454d5db3e527b833a384cfb1a4

SHA1
8b9113284929c1e97ed04741ac541b55efb73942

SHA256
c639d4e8bad64e741e65210b95f9931225840c1401fa4dd1f45362a72fc66d72

SHA512
a8046f0918571c7c8498d37d450ce4e63e1cf291d6bfbb84f6791a6609671c69b4b219be118d7a49ebc48d143dd8fb8256a547d15292ee71458450e331189031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c23968461ff4e5ee74f2879be664fba8

SHA1
7ce725f9e93d57d65b995bad457aef631c927e07

SHA256
9b2f63ed3e821f5b4030d2c5a8a2533e39dfbf44a9ce868588b63387384c529f

SHA512
2eec0c4f2326f1c21a9f7ce7e75a8a17a2a848ef558c3b920c5661a88bc6a9ea17af0f8ce3f4832289b113cbd66ebe5b9c73f82c6d4ea146bd94d141ee601393

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
37e4778fdba0136cce01ec2d9e21385c

SHA1
4fa213fd15750dfc41b4b16b7c45a2853a74545d

SHA256
9d8725d4028654cd93b234752f8b1a41c58c0cc0f9b8aba9fa9bd20e06346f64

SHA512
48e350a0f59784eb33cd402c03299a3e55f3c801c7c01fec6ca38919742d59ff2917b7d593603dfe14503d81e7cd181f1b62605629e1ef529d6bff66985c3758

Download Submit