hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqbFNwSVhGcm5HSHB1VHpjTXE1enNabHZkVVN6Z3xBQ3Jtc0tsOHpxMUxoN0xUVGVGc3NHNkpPSnFwYWdqbHBla1VQazVnODBxNjJLY2J5U1NpbXdOekE4Nk1fN3NONWRKY2JKVFYtVjJscC02TFEwZ3c5dVpkZnIzQ29wTW1TRUtPMHRZaGJqTjdCSlFEOUhMQVVKVQ&q=https%3A%2F%2Fwww[.]mediafire[.]com%2Fdownload%2Faaizcphbop2c7xn%2Frainibow[.]mp4&v=7PEA5znNW3M

Resubmissions

17-08-2024 23:16

240817-289xcasfqg 3

17-08-2024 23:13

240817-27pvsavgql 3

Analysis

max time kernel
299s
max time network
295s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17-08-2024 23:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbFNwSVhGcm5HSHB1VHpjTXE1enNabHZkVVN6Z3xBQ3Jtc0tsOHpxMUxoN0xUVGVGc3NHNkpPSnFwYWdqbHBla1VQazVnODBxNjJLY2J5U1NpbXdOekE4Nk1fN3NONWRKY2JKVFYtVjJscC02TFEwZ3c5dVpkZnIzQ29wTW1TRUtPMHRZaGJqTjdCSlFEOUhMQVVKVQ&q=https%3A%2F%2Fwww.mediafire.com%2Fdownload%2Faaizcphbop2c7xn%2Frainibow.mp4&v=7PEA5znNW3M

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
4232	msedge.exe
4232	msedge.exe
1444	identity_helper.exe
1444	identity_helper.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4232 wrote to memory of 1852	4232	msedge.exe	84
PID 4232 wrote to memory of 1852	4232	msedge.exe	84
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 1716	4232	msedge.exe	85
PID 4232 wrote to memory of 3636	4232	msedge.exe	86
PID 4232 wrote to memory of 3636	4232	msedge.exe	86
PID 4232 wrote to memory of 4292	4232	msedge.exe	87
PID 4232 wrote to memory of 4292	4232	msedge.exe	87
PID 4232 wrote to memory of 4292	4232	msedge.exe	87
PID 4232 wrote to memory of 4292	4232	msedge.exe	87
PID 4232 wrote to memory of 4292	4232	msedge.exe	87
PID 4232 wrote to memory of 4292	4232	msedge.exe	87
PID 4232 wrote to memory of 4292	4232	msedge.exe	87
PID 4232 wrote to memory of 4292	4232	msedge.exe	87
PID 4232 wrote to memory of 4292	4232	msedge.exe	87
PID 4232 wrote to memory of 4292	4232	msedge.exe	87
PID 4232 wrote to memory of 4292	4232	msedge.exe	87
PID 4232 wrote to memory of 4292	4232	msedge.exe	87
PID 4232 wrote to memory of 4292	4232	msedge.exe	87
PID 4232 wrote to memory of 4292	4232	msedge.exe	87
PID 4232 wrote to memory of 4292	4232	msedge.exe	87
PID 4232 wrote to memory of 4292	4232	msedge.exe	87
PID 4232 wrote to memory of 4292	4232	msedge.exe	87
PID 4232 wrote to memory of 4292	4232	msedge.exe	87
PID 4232 wrote to memory of 4292	4232	msedge.exe	87
PID 4232 wrote to memory of 4292	4232	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbFNwSVhGcm5HSHB1VHpjTXE1enNabHZkVVN6Z3xBQ3Jtc0tsOHpxMUxoN0xUVGVGc3NHNkpPSnFwYWdqbHBla1VQazVnODBxNjJLY2J5U1NpbXdOekE4Nk1fN3NONWRKY2JKVFYtVjJscC02TFEwZ3c5dVpkZnIzQ29wTW1TRUtPMHRZaGJqTjdCSlFEOUhMQVVKVQ&q=https%3A%2F%2Fwww.mediafire.com%2Fdownload%2Faaizcphbop2c7xn%2Frainibow.mp4&v=7PEA5znNW3M
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdfad146f8,0x7ffdfad14708,0x7ffdfad14718
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7988 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6193386026945658041,16925942266242605524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
  2⤵
  PID:4392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
18KB

MD5
e1156cc2f09039d8aaa152b1c54d875c

SHA1
c8a6808d0b1a98e26f0a4a8588bc5c45edc48353

SHA256
e0474058c882e2f45c94ac8ad2d87e9ea11b64b0ff57cef73fd877b0c1be542d

SHA512
58ab05e2e03c3fc10d888fbfdd8e4a29f2c1ff80edde42be58477c4081e0996a1ee0f5f0256cca4f213c4bd3c7c64919d8ef2d82785e3fc7b0f8b37b4d3df386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
20KB

MD5
88924e883819450fea6752faf211c02e

SHA1
f65cd48ba61e6854b8695490e82b8ef1256c0ad7

SHA256
2775bac57d4aa61e0bafe9902dda744b81a6bc392a953a125fad1da7c949fbec

SHA512
c3aaeb5f7016f819015b54ac7f2cde14cb71b613b046b7097a61d7836f3cf67d38bc6eaad619561c72828d6f930de0362cacddade2f4590389e6c363755c68e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
62KB

MD5
f79882e12fe87d482fe216d30ef3c93a

SHA1
e3031f2d694529705d8634b397815cd907fec24d

SHA256
c95d79ddd197080d143fdbaf458ce6d653621088f2d16827b3037f4417a32f61

SHA512
075f20268aa1b46fd322da5220b1705e42076d6ee681417bc95d5e900c6ed9929eca102796757e5db387db56ed2e97937e074b5af75840e55b018623c0a845c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3ace8891be2fb1b7_0

Filesize
268B

MD5
c125372e43a83bb58b152a7e6f816368

SHA1
d1bdbef0d633dc61ece38d85f821aef26151cabb

SHA256
55fb1713d7db8a307477be531c3637ce1a8580e8ea5770f21f80b58704711aae

SHA512
3929dbea96ba28976b308d08a23cb00f631e3c098c0ae4306c6e2167f2c5712a3f09f0ef84d0d81ffd6669106b466dfcfde405ad668393fc045e14c00b86069a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a77328c44022353_0

Filesize
2KB

MD5
2802acd304ba7e21b64fe731828293e2

SHA1
e045730947bfdfb8f8e6914226be2889e126ed6b

SHA256
80a4187009104e6db4f2303d3ea82c97ed633c0edace56b428c67246e051c325

SHA512
af637012229c44e42bf079594933b213c0c21c54d6e50b1ca14273cbae2d62b73fec6ba81996b03fd33d3dd27ea0ac42e03e735dfbb123dee4dfdef6665a1d0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9501205598d9a506_0

Filesize
5KB

MD5
bdcb53d86975ce9e8eb0d640fb3a518e

SHA1
5bdf55f7e5c2343b219f5be24317db2c3b574b59

SHA256
09c0ebade05af176f993f8c1ed29f151613583f5bd9de932e0c6b30d611f786f

SHA512
e67ccc6c8f8b22e1add966e1e93f43a68137a3ea2cdde7fb0a3776b3343158d217b33330b3166eb6d7c3f102a8864792d1745ce8c83cb0798bd506751e583028

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac29195a901ecf92_0

Filesize
9KB

MD5
6f9efaf47d3d9ae6862096098ba6790d

SHA1
16481d3b1605d1b5a8d5432a4189f4ef95642732

SHA256
56aff80c6650d1196b1e575bf606088b3abd0659b42adf36da4f5afd1aa6b58d

SHA512
ea8b37696de7768f85f98bca47f9dcb9c9528e4f02e11ba1099394bc97fe7cf2ee9e17b74752d9e5b5591c8f84a2fadd74e50062ab8f79c9d95d1c13bf61c60e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b166f792302465f5_0

Filesize
279KB

MD5
b765b7bfab922e21dd8adebd057bc6b0

SHA1
19f3e4fbc89a3f8ccfbdc54ca24c74cab8678ff2

SHA256
97e48289af60e1265706b0ec1437247bef0dec41cfa6e6f5da62a4c7c755d886

SHA512
0d26e7da5aca03100b1f63a198e3ffb955b166ff30a15e374e9e601ecf59f97b221ef8865fbf43b44e0abd8a2756b68ad8c3403dc06e72cf31f9618cf3c1eca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ee1ca9dd9ff6a95e_0

Filesize
1KB

MD5
b6632d259d6ad0264c5cde68207bfe5d

SHA1
f8b590bb8ad0790e4bb717aeb833b890eb03285d

SHA256
a1f1c10b040bea6062078afd27078b16861355f15bc641003b82d292bf475ec9

SHA512
8676680ce0cc29ac800290b5ff4f942459de6a072c0de25dc894709737bf8516c97160d47811b776318556779d82dd130300c9fbacb5312bef825d4df4568b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ee131dd679163bed39373ecb4e795be6

SHA1
94e9c80300f77c51f2815b3a11abe74d242de356

SHA256
6cb85857c91f27c13e12527b472567643a1ac6b86e1d904d2b8b038a539aa7ec

SHA512
46ec1afd07961ca97a735b263051910fe6f03a9878145866f536341b6a34b77efe6fe2b462e77a0bf01b7137722521cb81dcd323f19b0af52f4cb2d2a981c1ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cb4e372e5e8abf5f9c25feba9f68d90f

SHA1
4fde87fe25004dbd97e6275a7ad0864ceb1d9a87

SHA256
be7c3e53d3ba448b595d19ccc9452642f890ae17aed08b9c07b07d3fcafec8fd

SHA512
c9f59e0cf7776d772071ccfe1ba2fa86ed4cd11cc9db73dbc988d4f927af12a61548a5472bdf6dcd5847d3fb347a61b6652b56ef16fc3c530f31b44f9c3295c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7699db9ea17c081eca02a7d90ad5d960

SHA1
84738d16270a23b7f763a6c12fb228c4012aebad

SHA256
41a79a40b655796e928621dc4ccb5a6c014a406f2a827a22392b43a206d51239

SHA512
d39251ab7e8335bf7a56dd3fbeadff1e4ea23296d26bb829490f6bc81af0dd1c04b018ed564ffa70b7aeda3c1e988113888e808d6ac76cfb8b25ca3acffaa57f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
920f90f44a5f55ad767d0e6250774fa6

SHA1
1c5c70722c1271df6edf8dab71aadb48516de3c4

SHA256
a7767af3403c026c502192964a600f6e04fe4ad52bb30982ade5a535b5ccca7b

SHA512
95a9e2bd51137f348c2db518544920553e02a2b78398efdd8fc485c6bca35867bd2923ed6997d24bf355528b201ef1aea3ea35e5d27e5c40b6ea9c7874c2ff29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
a335b81083f4aee8c7d143ab01ba57d0

SHA1
eb248ce034be3478746e1388e469e31c9e7149cb

SHA256
17d9095815c4d0255a95c053e80ddfcd8e2e98b99a8786da184ac5418302e7ba

SHA512
b1294bcdc7ff91e0d549047d462f0da25cf7285cfa2beaeb7144f129aeb9c6a9e11d66fc7e5ce6f1d2cfdba6d2af2fe91edf07fca4ed8493a625b8f91082a65c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
03a52319f0f25c7f9250e9d1c55ccabf

SHA1
99e44f9dd48f56455a7a4194fb8f93fe66990645

SHA256
9a80034f2cf25c3caa99b0cbc625c2e2fcac406629e5a6361d6248f0d232c46b

SHA512
22f593eb971f8829888605747f8ae520986e9f3acc6d304758c6e253b82d73849d721e0d736d53f4fdaac726406ace4b001d0a541f2306dcc63b669b32411df8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
678eb14a498590e2edd403e9586c6dab

SHA1
812c0e16b1f83040d50d9ef43a2127b8e82beb09

SHA256
104dd6ef932af71f92cd8793c828c995ea19a46ab722bfc3586e78e9e4a1f0f9

SHA512
1c78049cddaef3f49e2288f3946354d02eb24c026eddba543e8ecdfac03fad0bfe309da511b753329d8fbd4b7c4d386213269295d87ee2bdb146ecebc258f035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
63f16046f4148e3ec802b28b38bea2b6

SHA1
2e16d1c7c53932300daeea6d33d1c5fbcac0a214

SHA256
86ac7938c670041446971c3a55a386b5bb3cc741f7417545a1c6a1f2dc656850

SHA512
3d10bae3420cb1c448c0f3a400be7400e78b76480a9b1e16a407013f465a5a12ca8d44cce5ac4838fede8fbb2b81feee76960ac2b84695c71b52c2efa7b73c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
063192ec0cea0c7b1880659c6a8bac61

SHA1
0b47957ec3b7109608d3e2d5e2a177cde6103bc9

SHA256
c510c45ed247dd87f59dd2695ea43bc761ce78874321cc44859ad91032aee68c

SHA512
70f6ef5a7ad728419c9005d5e560951854b10b079fa608b887dbc80bfd686e0590a294d1220bdeb31872415ddffc796ba5d56c80865eee85009fcd81d1370fc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0364d8ab2c172eee0421ecfe00068a4a

SHA1
8c4decb00a7651fd67ea402286100711073cfccf

SHA256
f1edf35886c8a636a21fb3df1d205f871ed0d263b593092623e2d0f805b1645b

SHA512
c2f3a1f2ac2574cf1b7398d6974916cbace09e337c2e8e218cca7101bf16089ccff5b1d3121e847ffa09f9e5848108e93eb28cdfcbbe1c60552925b7321c3961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
4223a2e44aa1f6c13643867643ff5373

SHA1
5541964e7e843ab0e1269b02b5945ce9f63ce7be

SHA256
bd4d01c17b91bc104d8fc808352aff8f67f87c2c45b58f20645c9b1cbbdda6d5

SHA512
a148b3862b27f8c5e98e7f5906aef8eaf25b72a3aaa4463cf36ef84f2b7de1a7ec907e9746d51741d50f8adab82c397ae6dce6ffbb3943a85777f47c8d35262e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
6c65e9b4100b7491a97c76991119af55

SHA1
fde82a28de98f8cf9ea6c60b0173afffcde9bca9

SHA256
866ff6802d8b79abcdb898b3662d34e0fca74459a76a1dceda78f90542290091

SHA512
f0ec8a534bb0f420529a17d4c773dc010a133adc8e70f223a5c2750722ec34d26aaaa804f82491140e37b92f910379242bddbf9855771524874540a946f9c8a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f7a938aafa2db07a0ea99b0ec8bec568

SHA1
f31aa945e5a656b4712eb7e7e0fee93484bcc11d

SHA256
bcab20ba2c610859a5a3bd3786a234191ca3a3c22717d37da2e8ca2f69d2247e

SHA512
e551a27f4dcf6139c50549b65b0ebff46a4d2a6c437201410de554861d56f5124cc9d4fcc00e08f3340ddb254d50a748a663f3503f2b84a5861140d2bb29e0db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e255125a00e5e02d21377f6a023e4be7

SHA1
bc88e91971cf4a90c0f52c7be73311d3abd0bcde

SHA256
d4f8e7263902f3a1221501783406fe2bf52c36354d04fa4d3f8400ea16ad9ef1

SHA512
68fd13d966f9d0d63df2b86d5ac8aa3b1dd53ddbf56d164339cb2a19579ac726224a660d0b8161a5d125df5658d057856d465ba04a30314979b600bbcb161f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8a5199f409200f03506933c2c911c7cb

SHA1
ced2aaa80865e0a6ba3490aab1c983edc8ecb3c6

SHA256
7d3afbdceb2d238750ae1e5f9f38b06f2d325f84444728e4794b316a3e9f7e58

SHA512
34ffe93788ac294850b36db7bb4c721c4ee12c4c333782cd6f92904326c236c8e581612c62c3ee110dcd5cf1eea0b0cd01cc91fcb94f14bda851a86ab08e8487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bea664ee783a36fd67e62bd1a7e5f5a2

SHA1
cf052a0cae2cf5ee2a41c07f4dedc269c863db23

SHA256
dd4c32bd637217878c5ad70e2c9a24fc2c04b85af4597982d08e77d2380120d8

SHA512
2c25fe00e0c0e582f10752471c11ba8cbe5b0b3fc2879ea386a2049337c7b3171b347f3975782da18a5a968dbf54237af3f0ab98fef8dab8fc7d1276931ec1b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
979c7d9fb146dd219d2c870515f0c4fa

SHA1
496ae2bff769563c6d2406ece4ed01c4d5c4fdc6

SHA256
2abce86a6e7bb0cdddeb8b42fc630bde7620ce0b06279a75982b843901a2c0df

SHA512
97a3e21305f2f5ad5240f8e05f90342e01772fe286fd36f5d7f43c1f701447dd8e9eb64e790f88efce1cbb961f5e542f03e739b9e1ea2a330d10a8eb78f4356b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ce8b.TMP

Filesize
538B

MD5
9b85141fe478b3e05903c75a7f1cccd0

SHA1
4de8f26f646fd1916ae61a03e024a50a4a00a867

SHA256
1593809bd015b7bd34d726600bdca16afd4b52c130efdad943a209ac10d315f2

SHA512
21ab5dbe093fc403593a6a5f49138113dfe376f32d2afddc2a824c3f0550f6744a8561fedbf40d75e0f0eb99faa3302dc294f0308edd10d0dc68a967b2930597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6a9bad5522919bc6b7faf316c272fa75

SHA1
adf20bec602b20faadf3813b7f21675b2696dc08

SHA256
e67e7ca2364b0c2e8101571d527efc7051a9b3011178772fea4d3ce491e29fd2

SHA512
d983426875f7808b3f8845d340e6c01f3397ff9db7169905fa4c8dc53e62f5a65b392b5cc8165801780cb868f21e3331b64a222a6ecbeaeeb3d34c7e6e5c1990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
90dfa2f4564c9a82a48f1464c80807fd

SHA1
558c7cf659780bed71e34a2a5a60bb3f4e5540cf

SHA256
110ab277cc18a7861d6e88229ebc526901c65c9b4db8c7946a6d7cce572ff164

SHA512
5453806ebbec0fb42576679eb0326e79cc1906bca9cb11170c53d3c15ed2581be176891d4ec3b7f2785736e7ed2bb7a3f70d9b749521556174bb43667a62f965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
64d0d70d4b5537aeb3b956df82cd3544

SHA1
d883b7a3446568772c1e2e0b0555fef4e20afdeb

SHA256
446359f6dc6349fd7bd1d5621afcf3a9ad304228ef493080899b130ce26f8d8f

SHA512
270ca9391b5044f5cff0815d7521e772a053b66a806291ec7b07efc157426118ca3ab7e8b283bfd9246b58f40afbeab98460b38c5aba0c744bbff195df61ecb0

Download Submit