hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqa01hMDlrdUdaamctM1BRVlhjWDFnLXlfZzdoZ3xBQ3Jtc0tuQ1J2WDJhMjVYcnE3ckszQmVBRm45WDdsdWNIS0t5Q282ZDFYeF8zZ01kRWhRaTFmMXVtN09mc2hZNHk4ZkE3bXlvSU1wTzlTYnAyX2V3YmlVbG1rTFhjQVhIdjB6ZG01MjdjZGlNTVdaYmJ4c1JDWQ&q=https%3A%2F%2Fwww[.]cheatengine[.]org%2Fdownloads[.]php&v=yHRdJsVzViA

Resubmissions

25-08-2024 04:23

240825-ez3qcawcrn 3

25-08-2024 04:20

25-08-2024 04:17

25-08-2024 04:14

25-08-2024 04:10

Analysis

max time kernel
600s
max time network
571s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25-08-2024 04:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa01hMDlrdUdaamctM1BRVlhjWDFnLXlfZzdoZ3xBQ3Jtc0tuQ1J2WDJhMjVYcnE3ckszQmVBRm45WDdsdWNIS0t5Q282ZDFYeF8zZ01kRWhRaTFmMXVtN09mc2hZNHk4ZkE3bXlvSU1wTzlTYnAyX2V3YmlVbG1rTFhjQVhIdjB6ZG01MjdjZGlNTVdaYmJ4c1JDWQ&q=https%3A%2F%2Fwww.cheatengine.org%2Fdownloads.php&v=yHRdJsVzViA

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{28F5EFD6-0690-4749-A482-B4509734FFC4}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4188	msedge.exe
4188	msedge.exe
4052	msedge.exe
4052	msedge.exe
1988	identity_helper.exe
1988	identity_helper.exe
4320	msedge.exe
4320	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe
5584	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4052 wrote to memory of 1920	4052	msedge.exe	83
PID 4052 wrote to memory of 1920	4052	msedge.exe	83
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 1328	4052	msedge.exe	84
PID 4052 wrote to memory of 4188	4052	msedge.exe	85
PID 4052 wrote to memory of 4188	4052	msedge.exe	85
PID 4052 wrote to memory of 2976	4052	msedge.exe	86
PID 4052 wrote to memory of 2976	4052	msedge.exe	86
PID 4052 wrote to memory of 2976	4052	msedge.exe	86
PID 4052 wrote to memory of 2976	4052	msedge.exe	86
PID 4052 wrote to memory of 2976	4052	msedge.exe	86
PID 4052 wrote to memory of 2976	4052	msedge.exe	86
PID 4052 wrote to memory of 2976	4052	msedge.exe	86
PID 4052 wrote to memory of 2976	4052	msedge.exe	86
PID 4052 wrote to memory of 2976	4052	msedge.exe	86
PID 4052 wrote to memory of 2976	4052	msedge.exe	86
PID 4052 wrote to memory of 2976	4052	msedge.exe	86
PID 4052 wrote to memory of 2976	4052	msedge.exe	86
PID 4052 wrote to memory of 2976	4052	msedge.exe	86
PID 4052 wrote to memory of 2976	4052	msedge.exe	86
PID 4052 wrote to memory of 2976	4052	msedge.exe	86
PID 4052 wrote to memory of 2976	4052	msedge.exe	86
PID 4052 wrote to memory of 2976	4052	msedge.exe	86
PID 4052 wrote to memory of 2976	4052	msedge.exe	86
PID 4052 wrote to memory of 2976	4052	msedge.exe	86
PID 4052 wrote to memory of 2976	4052	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa01hMDlrdUdaamctM1BRVlhjWDFnLXlfZzdoZ3xBQ3Jtc0tuQ1J2WDJhMjVYcnE3ckszQmVBRm45WDdsdWNIS0t5Q282ZDFYeF8zZ01kRWhRaTFmMXVtN09mc2hZNHk4ZkE3bXlvSU1wTzlTYnAyX2V3YmlVbG1rTFhjQVhIdjB6ZG01MjdjZGlNTVdaYmJ4c1JDWQ&q=https%3A%2F%2Fwww.cheatengine.org%2Fdownloads.php&v=yHRdJsVzViA
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd2ffd46f8,0x7ffd2ffd4708,0x7ffd2ffd4718
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2676 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2840 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1884 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2004 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2192 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14560436942122600196,6502705711414837748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:5992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3688

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x410 0x4f0
1⤵
PID:5460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
ed124bdf39bbd5902bd2529a0a4114ea

SHA1
b7dd9d364099ccd4e09fd45f4180d38df6590524

SHA256
48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44

SHA512
c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
60f8cd04587a51e31b51d1570d6f889a

SHA1
88574c41d0ab81721b275252464da5c7927a4835

SHA256
27cb4390e32a97375dd4987ae000406933bceba5199f17893711e782333b81cb

SHA512
84c12448ac55dd819749fef9be9919111a3df4bc51e66d2fa9f7376c11c101ed1349cb36aa119aa873cdd6c0c91027e201fbe23c2c83b89bc900a4d9077bcc52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
038c1f469deb6932520d09a340856ebc

SHA1
8b361a8c0489b69e9ef4e132e36f20c161c5ec1e

SHA256
5fafae77cfdc093baea4dd31485ced7dc4ab8e734311b3c2aaac1dc2ed95f451

SHA512
fc3123f11323a9f18f5e1bb31c61fa229e0de8b6d07bb01b220605cfd9ba499ed63e76be0b7146e096412cc94486bdba0ee102982b38b258958c6327fc6bb6c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
43KB

MD5
d9b427d32109a7367b92e57dae471874

SHA1
ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39

SHA256
9b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3

SHA512
dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
27KB

MD5
f930621607e050dff86f94bbf4806b73

SHA1
d06bdf16d5794550b78713955629c465b6970676

SHA256
fe97ff9a43f7f196dcd9088da3818e6f80ecdc2ad8937a5bd4a52c8b3979a09e

SHA512
df4c634c95cbc63c44c0f884817333fdb3965d225fbcf008d134a12ea99d05965b043c4f74bbe57f8356fd7f698fde30fe34638387ffcb8ca1226fe7c8b00cb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
63KB

MD5
5d0e354e98734f75eee79829eb7b9039

SHA1
86ffc126d8b7473568a4bb04d49021959a892b3a

SHA256
1cf8ae1c13406a2b4fc81dae6e30f6ea6a8a72566222d2ffe9e85b7e3676b97e

SHA512
4475f576a2cdaac1ebdec9e0a94f3098e2bc84b9a2a1da004c67e73597dd61acfbb88c94d0d39a655732c77565b7cc06880c78a97307cb3aac5abf16dd14ec79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
70KB

MD5
ba970966e10a8e87ca855b95cee05ab0

SHA1
e3a5e78a16392fd5da108f9821e00f48a7e44b5d

SHA256
463fde9c3ee7e0bd18f5ed0d239cdc1565481df623433fab4142869430ab00e1

SHA512
e8a47925d959e5ab41e3b81a9461ef436c4fe81af5b0bbd350856175ad8e0dd0ac181e509c93799350b86c4815d94219752c0e780a37935eb76d633cc7a852f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
43KB

MD5
a12c90cecb686ce8edde72e52cff40da

SHA1
9dd9a4bfb841b7b43de7d0a6b806bb2b40481f23

SHA256
be1143ebceec550910c4a471bf00e20389828302b1909836344268d05990450d

SHA512
4ca80dc25a0524b43895d849d39d7ea302d048cdfb7f177de12e3ebd91a2d28661831fc9158921fd21ce40fe598aebc2b408e916c58b0a7e6a99a4cdd8200060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
32KB

MD5
8baec1e1af2ffc708fea241f0eef1a5b

SHA1
2e2374d24556206f4cd57e20fcb3df6917ca3f8a

SHA256
bcc1909a1238964e57cde8ae8ed571fe3b11fc51a3e200a2444e18d2ed19e5c3

SHA512
4031b3680614736bfa5e2e7d0bf590d9c97ee2ccf6e3896fa5d7f42f35cd4676feb65e5dbb40ed0b35e8ac3a9f25b60c9b5ef6dad78337e348913ecf7506d0c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
42KB

MD5
9253260b86cbae81ad32a32dec47637e

SHA1
09072da0b1de3cc929b372742802d708239372d5

SHA256
0fac34e407a293089d979f2fcf774600c6f0c738a1bf7611b525e0f7d5a28046

SHA512
55d85166d76aa4ed84daf470d41a48f03916dfc3015e236c199bd6dd862cb8977d5f161fb2948e12aa2bc59b0e73705dccd9ca53728be733be3b2c296eb766d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9c07b1b2a3e9b57a_0

Filesize
6KB

MD5
44f2bad556b6ec380b2843e9d52909f4

SHA1
f329802191335c4c1c3ac9d2d867e93eaf63638d

SHA256
e88e3739a51275bc574537e725569938197bf6ddefbd53e35646bd7618695ac1

SHA512
25ec0816ab6012565e3ccc6e238bd5470b11d5c9d1b35e92fe4d05c2ead661e4b47bc1a3885955a7631ba923f235039dcaaf5e1cd48ad9521c3f7af5cbaf7bd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e142871dab921a83898dd27f76dc09f4

SHA1
ecf7576062ece41639bb69ebecc69ea339c1acb5

SHA256
b828b6e9960d53fa3394040896bcf7df00db8e865ba573d9fd99e3e8f5b0c01f

SHA512
8a6f90be5b51b7b7b28e2f4d0340cb81ea5ee50ce10d1526d7295b35860946cb9f52a1b49f4333e2cd47c0dc133fafb272b8256048f43b062cfe9a4fcbe82070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8decfa54541006ce4012a81df6d772dc

SHA1
710a6ffd283f04ac45a5b478d0ea348cc89ee7c3

SHA256
44468f4be83e6237ab981a12c73fc7698f13ef034cb4f00c8afd6eb75238215a

SHA512
5fa4fd69a73b7f87db2cff5a37eac16ef9d01676612561fc3e696e8984fc5e6a101bc537abb1096f6463f0b34052aecedda3cffe6c4cfbf66d2ec0c22104e0c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
48752762369e5c494ea147eff77964f9

SHA1
791a76a82954e7b9d718353c8c61ba5f9f2b885e

SHA256
96067f6572d2b43ddab9a3ec9fce53e5ec5661838ec1669174e5cb6afd2d0ce4

SHA512
a021b3cc0a167b519babd859d07e5c2593c5cb60e5f2db27beaa663c570de787a4bf167d86e487287f647af7079318277c09007deddbfc8ea7cb30e0a07e54e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
566c789ef85493b9b1377181275c193f

SHA1
bad4c78cfeb428ad547f1b05a40399f7d1113d18

SHA256
8080ddc898354544ddc897d7ad907b2ba5bbb66cb6eaaad411d8918570659734

SHA512
2fc4fcb1bc9e847ec5ec3df813a39285886b4916387bd3f813eab329e5bc4770a0bc2e2affe5f95eb0cb34ccb1fc96c21d5e22c710674b708302b703217364d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
aa34477abff874f42e706ae3e7a42ff5

SHA1
4a4b8b0ce9e162596f3f38744d3f890068a8ae24

SHA256
be6cc124afe2c7f351acf38d940c8ced4e6ec9d0bf794d391a38b2b5a107719f

SHA512
eac595551e65d46ad6ed37715c17596d425bae93df6cf927124eccc0b0a5415146ab0f4a11b8e692d97e74d4effa8a663e6334fff1caed0fc59ca75f4b42532c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
963B

MD5
0418efddd428d04526e104cc13644b8b

SHA1
8ecb2c2891929a23434b9474ca70a6c9f375a6e3

SHA256
3931a233a1215faca15317a88ad9f7b1bd1daede28a51a60663609195eab3ac9

SHA512
fa46ceff6984d8ed85e1a9b7158964011e03b98c92c30a3e4fc450da230cd75c7ce89fa16e40ac1e710c7d8897a7edc008f0d2dee601234d7a1ff96fc63300ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
eb1099a04e9a7efc4161886d6318afc4

SHA1
7cd38ed3a268443569902335ca76b403c5d95b08

SHA256
7e28fa1e1bd8b7f43abfbbadda594cc91f66186780992c38cf9918df3519498e

SHA512
b0b80adf70bb8b81c1d89584644b85cd41ac82e5b3f096ee71cb43c2492d5935629af415c892a32ff606c91a95f9079b1715647eed576786e6661361a8301b76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c61564f7e9566e87a77156f709463141

SHA1
cc8737d13da5c97b8a68192414a183fdea6606fd

SHA256
3c684e3523d7695f4dbf5d94bcb69a94e5d3c912b443a839540eab024e3849fe

SHA512
383a59fe1fb8f0d667b2bd92f0c9bfa8c42153dab71f9b3094e7e45f973dbfb472d53746fc82c36ce73907d1c684e358d878d3a5093c67bc8a4bffbf55fab9fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f8fee7bb963498d7aab46617af6212ee

SHA1
4b54b600403c9bdb8b9cbb0ef1f858a73a0bc9df

SHA256
0f0c9cb9dbea3195e06cfaa1477b38d01bd85786643c8026154d02f05d993b2c

SHA512
bfd9c42451d537646ddd92a2ef5c09fc4b086d5f92714a804690ecf7b9af561ebd749b4bbe4c938946fd6a24b4b8af7e0343600177d6834055116d52c9090324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
03655baae048f5a1ac48d538ffd1bfc0

SHA1
73ac41d2182db76a8443132323c8255033be7a83

SHA256
1d1fc4496545b5f110f90b222bdf75b1cde106305acbeb8bec2298fc698a464a

SHA512
590a19b2589d9ba7b0d08afd277a980a094bc52f08ca4c92cce24ff624116aeb3c6a8f38aed03544d7194bed4121e62b593e6d4e1acd99d9b422d3db0ab6c64f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
42ed22b4307495077eb0e6121b6bbd47

SHA1
ff1d4ca7decb54a52e8123597bcdeaba36822ebb

SHA256
8b7e1a34f66cfbe07d10fd457cc607db7cddf409d1986fd01ff3559c1023f404

SHA512
8a99596ab10c371912baf1839c710540677c83713454d06404e74ab21e22a3b54dbff22d1e16edd854bd4ff07d05b5d48e11f618454b02560828be4caf48df3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a81ff6e119266b694cce3cfae64c32cb

SHA1
eadbe9050871bae499506fbdd724633cd23a837b

SHA256
ae9f718865c7400dfbc9e025ea5b9b3713a81cb58689d4227f9e79ea4eb5db5b

SHA512
f777534d6869e37f3e2bb6a6f31e38b45e7e4d1b1397b17fcf81f87c80661693a85df50b857e76d02d3dfeae58232cb134eb640da18cb31ec447700bf9c363bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
40b2a051f6f677b7e66504c23b1680a1

SHA1
b6bb625757e2cb10982dd7e0be4469a279ab21a4

SHA256
74ab6fa00130cecf488385dbf70af6a622ab6b9662560b11965e6f51a08e2b0b

SHA512
5f61d8707bb796848a685c8122b9ab5407e67ab57fa0c0b00e52e8783545d8f2fb86a20a827331db72c6fd6e3c4307b90ed7ef874a3e3f6046b49dbba260a7b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ace5de2a1da001e7f8ad5d5e580d3156

SHA1
5563a6a0861e0b4d4d8a39bb5668aaa4d55d9570

SHA256
42f4df4ecb3bcf591d7905b65a6d9694a722b72b8b466fdbe7b8b53553eb1b8c

SHA512
6e022286d96519a3552c0df1771fc319c1fa3ccd02eebe096491eadfa8c62e815aad0f7ee5462e137d99132f1cd28a0b24c398045d031d079b5c2bd5185bdd2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f7b69ae79f8f9277fae823c41558eadf

SHA1
dc41a1b070b8fd982fbcc8ce1ed5304b0e6035d9

SHA256
f6b6bb3799f8ff6e4c4b2d188431cd3b34b1337d52bf4f857609811da124a2d4

SHA512
bcf9fd2840b19ffb560f5468c80f250904b348c8f5df2fc109ad60c38472a19d7b5655f8334155e1275048b8cc542f5d0824a8faf40d678b7fa9afad372a6c90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b1c54a7ef37136f452231642465ed10e

SHA1
958612bd5c640b106b4ca94750d11aa1d8b90331

SHA256
75a5c860c95096467192e015720b3d811f736580ddb0bd3331e8012d782395fc

SHA512
724f28ccfbd7e820c3acbb7682f34237de8466e77b3bcae81863d78e64205fd2ebe3eeafd4d95f2fcf25f5fc4631c71406e334ac9332bd8b7efeb87ad4c1cf44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
60882fb272d6e90d4e92b9bbd94c34b0

SHA1
571374747b1d7f478258a54c61792c86e946d807

SHA256
ceea114c32623d34876d66b5e9d5d71d7412aaf69b0592ed36bc45239f152bed

SHA512
baf281d6e05661e56a28d9dd2d890419ae58bf4fd01bbf81cb1bb42aad0f706d74e945584051c870008e50734a14a7cff96a43394a9375bd55c02cab19881cd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
048b684bcdca14337cee5b1b1ad96492

SHA1
9417cec6a5b5fa877a628734f5a0295a444a456f

SHA256
abf8c09f3ebd9f021b485dfa98f41993a90e4a39a970600933b5f76493f92c19

SHA512
fbecf41865f02a1c3f1f1e6b119000e3a0c747e91234c11b6ad090c8e7a897757c5d669b1abd8b7688d5fbe9dfcb1cd5794ed09166792386380bcd3b168c57c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
d03777f20db6c3fc3408b642735b1a06

SHA1
9eb26c85fcb5f16eba32f618e140e9fef51b957e

SHA256
871382c75ba18463ca25d5414d935b2ce9285b699bce4b6d2ff340bd3ebcd1e7

SHA512
821b7e02a00fbe506e4a2529bef1063ce8468865fc41893bd0a22d2624c9c50666bd5288ef8ccb660fcc33122373d9f96c38f2da00ae357043f44340b5874197

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
702B

MD5
a681b80ae6bd242485ec13ed82a7340c

SHA1
083e2987a36dd7639c27bc8fb67f69f21f9a5399

SHA256
403fa37a86fa2106ca402173b110e3f9028902b6063cd1be20d8f71fde23f3df

SHA512
f85e4d4fb07a93a2e01d058ebe3a0faa388da41ad6fabe65a0fbca91f8fbe2291813e8d4e382d0c755c2107d4e3b001ce153793a6d47c6394e91b3c5a9af1e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
c3a10d8d5adf0125121d2fb38d0751a4

SHA1
b0e59089f922d32f492ecda3f8fbfb5fafd37ab1

SHA256
e824114c75b9194a0dde322a3f98a708d8c3832e5e1a570e38b43b517424464c

SHA512
23869b3c9b74fdc451ceafef734552cf98fa1f05afc7e1c8a637bb4894e9fc7242b8953336c9efd34765857edc449775f37c25a8e7c86a6af7c8792a67156fff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
5ae8e04b892f547c56f1e01a7a66e41b

SHA1
2c780997455c3af2de14ce5b0af6cf2cfd30983d

SHA256
bc08a1f279da2bf7ad01f71912fc4b0b1b3a15605f836ba93162e01027079250

SHA512
fc6cfd80e620b31fae09fcc2f9f3421339d1497f46c12dfb3cabd99962e914de4d7673797be0f4ccb0ef5b27b603c11c176f66220fab6735e9c03f0d3e7aa6cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58071f.TMP

Filesize
204B

MD5
710ff6a0f1fe61c0a24c9a731bea9541

SHA1
f9242094a988995fadb8eaf902b5f38a4cc4694d

SHA256
95ae0a43d8718398cbc136412543309c10842f48db8349aa307cf1c198db9b13

SHA512
15e927fc42ba5bc12b03d1e159b1eadb958b306e46da18c480c15281a6ab42adbab5f25f6fff2bdf6d72c63a757352ce6f82638a54ec14ae41f7fc6bd4ac6b41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
31ce8048e4241b9dc6fbaed553982c24

SHA1
e012e6da8226552616ad6cfe61dbbfb1289c51c3

SHA256
9a8a40fa66bc943595e657e79683efcb03b0fbb7322d2f62d68f07185a5d8443

SHA512
fc1cfae29ec40f022bc622f85e1d7c31a033603b85ffa75e5bc99ce117cd69ac33244ebb572c56982ce2ae2c2f823e660ea6a44d49eb98d8b1e23f579ad140ba

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
8d6a2264e24b4a2cdbcd8623f01247b0

SHA1
0406e9bbd31f31c77d50317672bb6ad6e2832682

SHA256
343d70b07f92e91210ff5e509c79a9b1e9a9e5a19f41a4e3a9d991d433bdc81f

SHA512
495725994439915e28911965d5beb4563e53d258d711a7a493059e8312e00a12fe748ed48787b61523bb7f8ce119a61d4c96e19e81947c1970b409a587346b65

Download Submit