hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqa01hMDlrdUdaamctM1BRVlhjWDFnLXlfZzdoZ3xBQ3Jtc0tuQ1J2WDJhMjVYcnE3ckszQmVBRm45WDdsdWNIS0t5Q282ZDFYeF8zZ01kRWhRaTFmMXVtN09mc2hZNHk4ZkE3bXlvSU1wTzlTYnAyX2V3YmlVbG1rTFhjQVhIdjB6ZG01MjdjZGlNTVdaYmJ4c1JDWQ&q=https%3A%2F%2Fwww[.]cheatengine[.]org%2Fdownloads[.]php&v=yHRdJsVzViA

Resubmissions

25-08-2024 04:23

240825-ez3qcawcrn 3

25-08-2024 04:20

25-08-2024 04:17

25-08-2024 04:14

25-08-2024 04:10

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25-08-2024 04:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa01hMDlrdUdaamctM1BRVlhjWDFnLXlfZzdoZ3xBQ3Jtc0tuQ1J2WDJhMjVYcnE3ckszQmVBRm45WDdsdWNIS0t5Q282ZDFYeF8zZ01kRWhRaTFmMXVtN09mc2hZNHk4ZkE3bXlvSU1wTzlTYnAyX2V3YmlVbG1rTFhjQVhIdjB6ZG01MjdjZGlNTVdaYmJ4c1JDWQ&q=https%3A%2F%2Fwww.cheatengine.org%2Fdownloads.php&v=yHRdJsVzViA

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 8 IoCs

pid	Process
4976	wzsus53.exe
5676	wzsus53.exe
3296	f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe
4240	f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe
5412	wzsus53.exe
5912	f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe
3728	wzsus53.exe
5380	f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe

Loads dropped DLL 9 IoCs

pid	Process
4240	f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe
3296	f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe
5912	f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe
5380	f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe
4240	f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe
4240	f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe
4240	f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe
4240	f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe
4240	f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wzsus53.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wzsus53.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wzsus53.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wzsus53.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{00555F77-FA0C-4858-8392-D1EB3A30AF0E}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 730905.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3380	msedge.exe
3380	msedge.exe
2176	msedge.exe
2176	msedge.exe
5028	identity_helper.exe
5028	identity_helper.exe
4332	msedge.exe
4332	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
5544	msedge.exe
5544	msedge.exe
4240	f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe
4240	f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe
4240	f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe
4240	f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
4976	wzsus53.exe
5676	wzsus53.exe
3296	f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe
4240	f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe
5412	wzsus53.exe
5912	f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe
3728	wzsus53.exe
5380	f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 3256	2176	msedge.exe	84
PID 2176 wrote to memory of 3256	2176	msedge.exe	84
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 1848	2176	msedge.exe	85
PID 2176 wrote to memory of 3380	2176	msedge.exe	86
PID 2176 wrote to memory of 3380	2176	msedge.exe	86
PID 2176 wrote to memory of 2288	2176	msedge.exe	87
PID 2176 wrote to memory of 2288	2176	msedge.exe	87
PID 2176 wrote to memory of 2288	2176	msedge.exe	87
PID 2176 wrote to memory of 2288	2176	msedge.exe	87
PID 2176 wrote to memory of 2288	2176	msedge.exe	87
PID 2176 wrote to memory of 2288	2176	msedge.exe	87
PID 2176 wrote to memory of 2288	2176	msedge.exe	87
PID 2176 wrote to memory of 2288	2176	msedge.exe	87
PID 2176 wrote to memory of 2288	2176	msedge.exe	87
PID 2176 wrote to memory of 2288	2176	msedge.exe	87
PID 2176 wrote to memory of 2288	2176	msedge.exe	87
PID 2176 wrote to memory of 2288	2176	msedge.exe	87
PID 2176 wrote to memory of 2288	2176	msedge.exe	87
PID 2176 wrote to memory of 2288	2176	msedge.exe	87
PID 2176 wrote to memory of 2288	2176	msedge.exe	87
PID 2176 wrote to memory of 2288	2176	msedge.exe	87
PID 2176 wrote to memory of 2288	2176	msedge.exe	87
PID 2176 wrote to memory of 2288	2176	msedge.exe	87
PID 2176 wrote to memory of 2288	2176	msedge.exe	87
PID 2176 wrote to memory of 2288	2176	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa01hMDlrdUdaamctM1BRVlhjWDFnLXlfZzdoZ3xBQ3Jtc0tuQ1J2WDJhMjVYcnE3ckszQmVBRm45WDdsdWNIS0t5Q282ZDFYeF8zZ01kRWhRaTFmMXVtN09mc2hZNHk4ZkE3bXlvSU1wTzlTYnAyX2V3YmlVbG1rTFhjQVhIdjB6ZG01MjdjZGlNTVdaYmJ4c1JDWQ&q=https%3A%2F%2Fwww.cheatengine.org%2Fdownloads.php&v=yHRdJsVzViA
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd83a46f8,0x7ffcd83a4708,0x7ffcd83a4718
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3996 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6640 /prefetch:8
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7104 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5544
- C:\Users\Admin\Downloads\wzsus53.exe
  "C:\Users\Admin\Downloads\wzsus53.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4976
- - C:\f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe
    \f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe /OSOURCE="wzss53" /BUILD_ID="53"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3296
- C:\Users\Admin\Downloads\wzsus53.exe
  "C:\Users\Admin\Downloads\wzsus53.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5676
- - C:\f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe
    \f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe /OSOURCE="wzss53" /BUILD_ID="53"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4240
- C:\Users\Admin\Downloads\wzsus53.exe
  "C:\Users\Admin\Downloads\wzsus53.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5412
- - C:\f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe
    \f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe /OSOURCE="wzss53" /BUILD_ID="53"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5912
- C:\Users\Admin\Downloads\wzsus53.exe
  "C:\Users\Admin\Downloads\wzsus53.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3728
- - C:\f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe
    \f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe /OSOURCE="wzss53" /BUILD_ID="53"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2052,11613022864771525085,4387758212582222537,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:5108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4180

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e8 0x4f4
1⤵
PID:2900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\678cd8cc-7ecc-4abf-b4a4-2e318b4fe475.tmp

Filesize
1KB

MD5
525efc2470a7de2d2dc586cb419b2bae

SHA1
3a004902fe52fb202268d583ca2fe39a14a4fab4

SHA256
941f283ac44cbbc77d715035b3a5597495f4e149d934c53812dca794aafeafd4

SHA512
7b31d17be81f18ac93f09833ce0ff0d0f5e1f2c9e418d3c2cd0943862b820a91077e8ddd14b87fd0aeb02120518dc3f376622a1613ccf58a3d5b956e037c4c17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
212KB

MD5
2257803a7e34c3abd90ec6d41fd76a5a

SHA1
f7a32e6635d8513f74bd225f55d867ea56ae4803

SHA256
af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

SHA512
e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
bcb97ba87fb6d337925df62925434307

SHA1
31acca696e6a96296526196b0d39263b52a2f9b3

SHA256
9ac22abab562edf8250ab02150973fc7a4f2f724f8bf14b7316d979b5360ca60

SHA512
30dde716ac942237ec854355e1f02ad356f34e69e7a30f9c468202fa98fcdffa72a03c2d3f2e4325d7e1e2ce90645c267e2acab0b91699d10b7734f257c59fe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
31141a04e92a7121de0b682c19e69ab3

SHA1
11490aefbdca3fbbe0ce67916730023d9cfe9ea8

SHA256
9e3108c8b064c9a5d05e039165c1aa8b5534cd21e9e8e24f09b8d9f97f9a7fde

SHA512
3c43334ddf8fa214320bfc35ae0fba5b7f500de1014063f0c64eede0849be2d77e9f6843808ddb0129342e65cd983e11772c2172403fb64d8180a72e7cd1f6e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.reddit.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b11c6166c991e3b42b40a81d802cafca

SHA1
5fc76a8a0636db3b25ad322a4ed296525773d56c

SHA256
1e4faa331761b263be503671fb8fcd014ac86bd7fe497576f003f55b08ba058b

SHA512
f2f06c81e77c09b7a2aea178b8f34f6bd9ea1dcc5bc7a85135c070a2b827aaa11a871e0a4744e7ca56eeeb15dc8498bbf0451dcf86081bfec08e63c8b71e58a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
761c49182eed7b5dd063f6a638059792

SHA1
70f45262385f126c87b829642106d0b026bbc543

SHA256
3f56eccd794ceb83948e1083133308c1c3579b9ebdcb89d17ec6ef33041408fd

SHA512
da524484708ef9cd5b7637da7fc417c83b6bb2eb49c189c1bb587b4a7b694c7363aa122877b453290a576243418d4366f428c20a8c3640e4bb684ae689f23d91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6061f01a6e59ce5050e8b5aa81237ffe

SHA1
54009ac266ef76563e823790c2c3cd67435ddd7f

SHA256
3b6608ecd66c8ff083eb304b106b5606b96b6aacd5937cae5d8c846e0007a0d0

SHA512
b3092b95544b354b20bc2f2e7d0f28bca7dd02fcf2e74d95e8044c0285576925bf2a15bbdd73fb22cb06270a478a1d9b852aa2787f83688d0d2fb22bf04a86db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
aa175d87b5dd300bd2e090701fa39469

SHA1
6f9a44ba1aadaf81f54e7fc778843b4b5c0e4ea0

SHA256
468819d09743a31f473fa3755a94087405885e5efd19359ef3dd0d0469d5b44d

SHA512
ddd7c8f97fe382b657b90ad6125a10b5b34f36de7915bc9d6cdcb9dcf39b6d05b667c212e3ad1d741586e88d1feafaee862321db80f5dd73555d3f29d92bae0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ccff0b7e16ba80166c3b9d3830b4a371

SHA1
e7dd8c3c4e567cd4175e8dfbe0026a413a217555

SHA256
5068e3fe470d90cc973079b1cfc7c9404d1fe40c0eee870f21cba8ef914b56a3

SHA512
dfe13e2523c9a95c7f4796e88652720a5b29d9e0b4a4365e4247d79d47d89d27f2cd393a6abd482cfe478a49b3903874d17afbb27c3f60ff80d48e0d794a817d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fe7af3a14ac0e4d9217b720701c5c51b

SHA1
b0a1b33362c625fd3c36fb49aa48b23bb62eb930

SHA256
e9f1e1fc60454058ae7949827484838d2d45bd7eb8419fe5754e2af794ed0588

SHA512
c7429fe40cd6ce1773f718bf2630eaa5d456ac8e3022806ae428db70092198bb93027ac2b8392d645bcb4acd72765008bcb5db6b7fc688e7b0806e22526053c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
29e955a804838c6451117655e90c5d2b

SHA1
0d9bc31689cd6631587fc3c51325785277c6898e

SHA256
dc2a6e1eb6c26cde1477385bda8aa7687c4a59e73cbcbf5ead9f388cb850be9e

SHA512
684ff421a02b5850390635371376dee02196c299afc85f8681fed475efd8b76b24ec86c291ad1601d0482d4b7942776bc3393f083fab78660e4bb946f76f3934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1f013cec6414880cd239ae004a2e32af

SHA1
e1fb7da843ce2afc8e22161506fe3c1422f18611

SHA256
6552bd9f8a41982998a712cf52401c0fdc1d1f1a06ad249850deaaddc0878ff7

SHA512
04446ede9384c4b71bbd3d9825250a810cbb9741517f4c25120b00a4346d6a91743ac92e3a2a97b6b2dde1d65303f2c33acb84c4b487150234479aa6b72df63e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582e5e.TMP

Filesize
48B

MD5
7acb4276781a7beece73eee68ddf0d34

SHA1
3b1fdc0d08dbc79b37891106b016927c7925a2e9

SHA256
ede9f0b125094c61830baa722422847d76f80595b9cf7f7452fb7937e56cc1f8

SHA512
bbb39c4b1ca5b73abe6670453f3078ee29333fdd338fbcb10ed6739008869209d8bd3f3856417ca2c4bbd44d4358da3345b7842f474e8aa96e7f0779e5ca8b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8c112987a3378cc8b6ca4ddb631357bf

SHA1
c51a4f44e94a04f7ac648967d263ff40453d2b58

SHA256
d6aebac5e19ac4fa628b3f1da248095d34fbe88336636e8182e2223ebafef18d

SHA512
d518562695cd1414d00ecc254df6bb6041fac2fb92b7fff7f119c98d6c59ff26e25d20bcc12efbabef86e7c012f97daae80e61545bdb550ffb271db56ec806c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
40f7ff4eab50a40679a4e96b02778e58

SHA1
dd24d60af8e1c8babf8cdd1ca7b470d126719243

SHA256
978bd6b4c8301a346236ad96818e4b7dc9fca3a4856465be451c0d11674b6fec

SHA512
73161342cbd5235f254e020acb5e8d7041e63c82141e3fe6d6fe28721ce4eb404f768c2bca59ba93487baf61f2c639d6fef4c9ab0a92c1fba422b0a693c8d664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ce51260e4dca68c9606526af962a1365

SHA1
7e37f4789a6b5f4c246e4fbca889a9c770d69fe1

SHA256
64ffb3ef5c2367647c483c589dda541d5ff11fb45aaa72ae222b141a7c2e7357

SHA512
11f0ae4bb64686b7cbd29fec806aafbe0ac56825ad20348c26fb61be9976b70fdc7940d7203cfd755c722cc89c3b1b583b678499a954b0757ad2f7f2c4e32dde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
78969da61c8d00c94467d483777a127b

SHA1
48c8695ba253c2cc5bc7df57d9abb5e90cd53a15

SHA256
089ae32653a69a3fc9d3a298ac11859a8910ede38eaaff2c2807f721c49ad2ff

SHA512
e307b7a3498a2a71c4590aa37ffeced4f5688835a9ee6df30b12e600375f6e428567ac77979d6abb543204c67b9b6e84bf4c33a50d06c1fb3036a281d8c3ac45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5a2107ec5d5e372a0f86d99c5f2d2844

SHA1
2417644b32a156a2956288d80ecb72ff87b42c7a

SHA256
7c1e398437ece6b01d142b4ffcf602fa034f5700748e1f3b5944186d0d49e81b

SHA512
6ec883231894c48e29bc25771205965ebec079cfa84dc76d8e6a7c98c6a518edabcaa79a2ea4c084831a59cb376e52bf724597265f715b4eaedef9612e19a1d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
addf9d4cf35c11ba81579e6cc64abb20

SHA1
05c8d0eb4ea6608c942c3bdd69a48a4ebc066a11

SHA256
f92ef954350b570f0a47145439291dbcba03f86f0f6280f561993f09a3323f6b

SHA512
71a41d23bfdbc868dc366057522c43a2812ce6beb348608d42dda972b833f7d9d7c639584c5528076ecaf2278db6be60d9f2abfbcd0e16309166c9e688877a58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f5aa.TMP

Filesize
204B

MD5
f96fe46342f5b82551f1841110f1d547

SHA1
01983c6f51ea6d02c8f83cb2895516e32202193d

SHA256
75fd112fee9ade9dab3e6f55d19823ebffbd1b4da013b19bf4bc44f828c13004

SHA512
7c8721f220e7a769abbe5c44dbe0bcdbe71ce0ce135906374e225821a645c3ec07807e4788b256c8124c890488d62c389e7c97b9b0e6698855e66d744e4b8016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\aae5f942-96af-4883-8c9d-d56cce47874f.tmp

Filesize
9KB

MD5
a0373c556c4c5fde2b6a6ce5096e6a87

SHA1
5c74e85ea5dee8f1d5187b9c3bce6e61a2e48e9f

SHA256
a23b47cb3e6a411145a8a10a767f6a1e135a0fd8760184e09082504954c9612d

SHA512
7f39f99cd426ee6696f013bdc7d37a0ed238eecaeda134b8b4477a96689bd52942e843dbdeea6f994ee6d77b77516bf578ff7f34cccca777f4806eeb054481ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
76e8ad99fda61548b804917a64732bdb

SHA1
6c9c0050b888c02015392385514c199225344526

SHA256
0b8f161b77536dad97cbb9882431a9fcf778675749bf51cc6669107db7899953

SHA512
138feb70e5b7c78bb62644efb2d824f75854046b87123ee0e1ae41cc66c89ee3c5961f407e903ecd9d4c18b7d48c8dba421e22b99df56a8dcae70c4a52faebb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e20e0d1da1d4159d99628e8bf48dc69a

SHA1
1a544e66ce44672951fa13cc0fb7f4896eeb1bf4

SHA256
55f491e3e1d2d6cfc52da39cef9f5b91e8d8b4c627131ef51041efba13a863c7

SHA512
f1763d27442d5a4aba7047cf3378c1f0b2fb06740ad71945d11c2f9f310c7237c97e6747d19f198c2f4cc6f1cd2f8d3e3ba9ba5df6bcc2cee57668256b15dc32

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb9FF1.tmp\System.dll

Filesize
11KB

MD5
959ea64598b9a3e494c00e8fa793be7e

SHA1
40f284a3b92c2f04b1038def79579d4b3d066ee0

SHA256
03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

SHA512
5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm9FE2.tmp\InstallOptions.dll

Filesize
15KB

MD5
67d8f4d5acdb722e9cb7a99570b3ded1

SHA1
f4a729ba77332325ea4dbdeea98b579f501fd26f

SHA256
fa8de036b1d9bb06be383a82041966c73473fc8382d041fb5c1758f991afeae7

SHA512
03999cc26a76b0de6f7e4e8a45137ee4d9c250366ac5a458110f00f7962158311eea5f22d3ee4f32f85aa6969eb143bdb8f03ca989568764ed2bc488c89b4b7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm9FE2.tmp\ioSpecial.ini

Filesize
2KB

MD5
1639f6e1eb04d91409cba5144449256d

SHA1
f2ac7801311a8150bfc6351769119fa5027854a1

SHA256
f16554acd70640fe60dbc94472da8925ade1ea4910c261e70a28ff42f9ad2b60

SHA512
ad51f5017ab56655cea517a85b3e1cf40ba488c3a994a6ab815165873d745c12a8490a09359b246f1d87ae00cdffc848629e07d5577aa644828b686a760ecd73

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm9FE2.tmp\ioSpecial.ini

Filesize
1KB

MD5
8f72852e42ec52af56852907fa78ebdb

SHA1
cda00f2eb5648c1492f54195520c6afbb588318d

SHA256
0d6a916f16ad7f00e92406c201d5daa9b48432d933b55e5f629edb6cd8dde0d9

SHA512
5e4ca5b5153204038a6d17caaf36ccded9a6f5dfa0ad56ea758d5d97d5a82ae2676150573a76e4f97cbcf70ef143375050e2ba2eacdf6d38ff8d09f09b3e6048

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm9FE2.tmp\linker.dll

Filesize
7KB

MD5
0d5cf965fafcb11f8744d0dc729339da

SHA1
ccfeb09534dce671a3fcd216606d7ee572a0341e

SHA256
02ee7e90b9379827cb186df48db5b412aaf800196d6967762fb513b9143cd1ef

SHA512
993a598e3c46a4544ee0011a94fd9a4df66131b1526744db31faf8c5bfba4b5695a096d787555a9807d8bfd3e09bebfa73df97db83b144990c84cb14a000ba56

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm9FE2.tmp\nsEnvVariables.dll

Filesize
41KB

MD5
29924ed9ad063b5fda86aaf08dd3227f

SHA1
f2628d325dd17c1dcc8edd167e2417d7c582f5c5

SHA256
083cbb8fdd692134bb80b6d12c0fcd71ede5444064d226b6d747e3227995e045

SHA512
7909415f5efbd12d4cb152e44222f3564178cc242809909fe094f6d5e2578634ed07f7d71aa9cd2e31cc3371a5e7875bd4691a2d85f7041ebb1c4e2bca978549

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
1bf02b1ca54757820508d1b347f54b50

SHA1
6c060f65ee538615044796f1f6f580253aa84d85

SHA256
0fce7982666baf1387b3452139ddcda6fdb3d49a8892b26bfd5593460daefc13

SHA512
195d98e0f5f13e4af063e8f5d465e7d41c405aa78e5a5237716c13235be115b562751fbd0e5270b4c5291127ea6e80c9aec9d13491106d62093908a7714b25f4

Download Submit
C:\Users\Admin\Downloads\wzsus53.exe

Filesize
45.5MB

MD5
9deff019a43346d956d016cd91df342a

SHA1
bc2646503a6e9a0c8a726bdf79a24fceb7e82455

SHA256
fc3e420307b05488b75daf5a1e704018dbcf9ba45bd431eb83f06c937a67d505

SHA512
b6122fc7779d8aafbffaca5bb07ee1142fcfcaf01e007f7aa9e003fb1d25c6b4573002551b5cc1c7a8ce1b2434c6a537d50a91eb91a09c798cff13e14a9230dc

Download Submit
C:\f4ccee8d-04e9-4fd1-97fb-9bfec8def2c7.exe

Filesize
45.3MB

MD5
e2fdd689cf1c4432b7035a4ef6bc634a

SHA1
59358a207b1babdf402da1da161f962146c32e38

SHA256
0cd05ca009c01746a05f782ba032af73c3269d736b1e0bab7327b9a2252a4d4d

SHA512
6073db8923b2bd0a390b8cadacd59f762d32a177e3ff77a4ce2334ba8b11f35f152006bb06274664aba3622162ddc9dd6ef1ec3125d53589a1fe677865822388

Download Submit
memory/4240-947-0x0000000006A70000-0x0000000006A7E000-memory.dmp

Filesize
56KB

Download