hxxps://c3[.]youconvert[.]net/get/dl[.]php?rlW1pzjvBvWbqUEjpmbiY3A0ZF5yrz1jZl5wLl9xo3qhoT9uMQ9mnJp9MKyXnTWUL2yCnHcWIKcWZH5cFKAWoyV1L0AWAxyepSuJD0b5YzI5Fz1uI3ufIHqTZTSQFGMWnGE2Jz1fp1cLGKMAnxS5GxZ4Z0k6FKyZrxHjGUcIqx4lEKqAZyWdGzcJoH9UIGABIRy5JJ1JnH5gEz1ArxRjGT0kq015FKAWoyWjMRq4oRydo2yHZ05bLyqTITVlATqZH0WQLxp5qIcUIJqKrHWfMJ0kq015AJcMrHWxGT0kq015FKAWoJkbMRAWAx1HL3yBIRxjGacSq05Gq2ynJTu3FJcirR56FGSArx16GyEOZJMEYzfloyqUFRSUE3M2qxx3ZT9ZZTSEAySEpJkBZ3ykrIy4G0MgISZjpxkQHTZ/MT93ozkiLJDvYPW0nKEfMFV6Vx9mLJ1uH29hKl1sDzkiozEyVa0=

Resubmissions

02/09/2024, 03:58

240902-ejzczssbpf 3

02/09/2024, 03:51

240902-eelw4a1bql 3

02/09/2024, 03:20

240902-dv7cas1erh 3

02/09/2024, 03:18

240902-dt3ygs1eqb 3

Analysis

max time kernel
297s
max time network
296s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
02/09/2024, 03:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://c3.youconvert.net/get/dl.php?rlW1pzjvBvWbqUEjpmbiY3A0ZF5yrz1jZl5wLl9xo3qhoT9uMQ9mnJp9MKyXnTWUL2yCnHcWIKcWZH5cFKAWoyV1L0AWAxyepSuJD0b5YzI5Fz1uI3ufIHqTZTSQFGMWnGE2Jz1fp1cLGKMAnxS5GxZ4Z0k6FKyZrxHjGUcIqx4lEKqAZyWdGzcJoH9UIGABIRy5JJ1JnH5gEz1ArxRjGT0kq015FKAWoyWjMRq4oRydo2yHZ05bLyqTITVlATqZH0WQLxp5qIcUIJqKrHWfMJ0kq015AJcMrHWxGT0kq015FKAWoJkbMRAWAx1HL3yBIRxjGacSq05Gq2ynJTu3FJcirR56FGSArx16GyEOZJMEYzfloyqUFRSUE3M2qxx3ZT9ZZTSEAySEpJkBZ3ykrIy4G0MgISZjpxkQHTZ/MT93ozkiLJDvYPW0nKEfMFV6Vx9mLJ1uH29hKl1sDzkiozEyVa0=

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1287768749-810021449-2672985988-1000\{D1D109FB-FF12-4190-B408-87B2A9DB9226}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\CENTRAL CEE FT. LIL BABY - BAND4BAND (MUSIC VIDEO).mp4:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1524	vlc.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
880	msedge.exe
880	msedge.exe
3336	msedge.exe
3336	msedge.exe
2216	msedge.exe
2216	msedge.exe
3920	identity_helper.exe
3920	identity_helper.exe
3440	msedge.exe
3440	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1504	msedge.exe
1504	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1524	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2204	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2204	AUDIODG.EXE
Token: 33	1524	vlc.exe
Token: SeIncBasePriorityPrivilege	1524	vlc.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe

Suspicious use of SendNotifyMessage 17 IoCs

pid	Process
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
1524	vlc.exe
1524	vlc.exe
1524	vlc.exe
1524	vlc.exe
1524	vlc.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1524	vlc.exe
1524	vlc.exe
1524	vlc.exe
1524	vlc.exe
1524	vlc.exe
1524	vlc.exe
1524	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3336 wrote to memory of 5084	3336	msedge.exe	81
PID 3336 wrote to memory of 5084	3336	msedge.exe	81
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 3524	3336	msedge.exe	82
PID 3336 wrote to memory of 880	3336	msedge.exe	83
PID 3336 wrote to memory of 880	3336	msedge.exe	83
PID 3336 wrote to memory of 3196	3336	msedge.exe	84
PID 3336 wrote to memory of 3196	3336	msedge.exe	84
PID 3336 wrote to memory of 3196	3336	msedge.exe	84
PID 3336 wrote to memory of 3196	3336	msedge.exe	84
PID 3336 wrote to memory of 3196	3336	msedge.exe	84
PID 3336 wrote to memory of 3196	3336	msedge.exe	84
PID 3336 wrote to memory of 3196	3336	msedge.exe	84
PID 3336 wrote to memory of 3196	3336	msedge.exe	84
PID 3336 wrote to memory of 3196	3336	msedge.exe	84
PID 3336 wrote to memory of 3196	3336	msedge.exe	84
PID 3336 wrote to memory of 3196	3336	msedge.exe	84
PID 3336 wrote to memory of 3196	3336	msedge.exe	84
PID 3336 wrote to memory of 3196	3336	msedge.exe	84
PID 3336 wrote to memory of 3196	3336	msedge.exe	84
PID 3336 wrote to memory of 3196	3336	msedge.exe	84
PID 3336 wrote to memory of 3196	3336	msedge.exe	84
PID 3336 wrote to memory of 3196	3336	msedge.exe	84
PID 3336 wrote to memory of 3196	3336	msedge.exe	84
PID 3336 wrote to memory of 3196	3336	msedge.exe	84
PID 3336 wrote to memory of 3196	3336	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://c3.youconvert.net/get/dl.php?rlW1pzjvBvWbqUEjpmbiY3A0ZF5yrz1jZl5wLl9xo3qhoT9uMQ9mnJp9MKyXnTWUL2yCnHcWIKcWZH5cFKAWoyV1L0AWAxyepSuJD0b5YzI5Fz1uI3ufIHqTZTSQFGMWnGE2Jz1fp1cLGKMAnxS5GxZ4Z0k6FKyZrxHjGUcIqx4lEKqAZyWdGzcJoH9UIGABIRy5JJ1JnH5gEz1ArxRjGT0kq015FKAWoyWjMRq4oRydo2yHZ05bLyqTITVlATqZH0WQLxp5qIcUIJqKrHWfMJ0kq015AJcMrHWxGT0kq015FKAWoJkbMRAWAx1HL3yBIRxjGacSq05Gq2ynJTu3FJcirR56FGSArx16GyEOZJMEYzfloyqUFRSUE3M2qxx3ZT9ZZTSEAySEpJkBZ3ykrIy4G0MgISZjpxkQHTZ/MT93ozkiLJDvYPW0nKEfMFV6Vx9mLJ1uH29hKl1sDzkiozEyVa0=
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe178c3cb8,0x7ffe178c3cc8,0x7ffe178c3cd8
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2068 /prefetch:1
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3608 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3412 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6476 /prefetch:8
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5352 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,13322353258051863698,16843051626963491246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7008 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1504
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\CENTRAL CEE FT. LIL BABY - BAND4BAND (MUSIC VIDEO).mp4"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3568

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004C4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d30a5618854b9da7bcfc03aeb0a594c4

SHA1
7f37105d7e5b1ecb270726915956c2271116eab7

SHA256
3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8

SHA512
efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
03a56f81ee69dd9727832df26709a1c9

SHA1
ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b

SHA256
65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53

SHA512
e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
ed124bdf39bbd5902bd2529a0a4114ea

SHA1
b7dd9d364099ccd4e09fd45f4180d38df6590524

SHA256
48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44

SHA512
c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
f3d0a156d6ecb39d1805d60a28c8501d

SHA1
d26dd641e0b9d7c52b19bc9e89b53b291fb1915c

SHA256
e8be4436fcedf9737ea35d21ec0dcc36c30a1f41e02b3d40aa0bfa2be223a4a3

SHA512
076acfd19e4a43538f347ab460aa0b340a2b60d33f8be5f9b0ef939ef4e9f365277c4ff886d62b7edb20a299aacf50976321f9f90baba8ccd97bc5ac24a580bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
38KB

MD5
bff21faca239119a0a3b3cf74ea079c6

SHA1
60a40c7e60425efe81e08f44731e42b4914e8ddf

SHA256
8ea48b2ac756062818bd4ee2d289b88d0d62dc42a36cb6eee5bdd2ff347816c7

SHA512
f9e5baefacae0cdb7b9c93afc43ad6ec3902b28c0cdf569e1a7013f4e5c8dfb7b389b5e2bc724b4ddfe554437320f4f2cc648642944c6f48ad2a78815acd9658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
540af416cc54fd550dcdd8d00b632572

SHA1
644a9d1dfcf928c1e4ed007cd50c2f480a8b7528

SHA256
e4e53d750c57e4d92ab9de185bb37f5d2cc5c4fcc6a2be97386af78082115cbb

SHA512
7692e046e49fcde9c29c7d6ea06ed4f16216ec9fb7ea621d3cc4493364743c03925e74244785588d1a4bfc2bedd32b41e7e66e244990d4076e781d7f4bbb270f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
232KB

MD5
6cf83526919e2c39b12ad0fabbe14542

SHA1
9921389f4b958bfa622aa2f8ff6bc893e38e30d5

SHA256
6bf5dffc7f23eb0fd6bb5816831b57aab67f73df1ee9f78f9303891c9d424678

SHA512
5c0c2b6db46e5bebe9881f407dad6b2a26068807f21d5c02b80ee14e07b415aa1d562632c11b427bbc3b53839027c92e34f3df8a1fcce8d53415eb8ff9620bf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
20KB

MD5
e922f99ffe1e8eb6ff6c80c8c2582339

SHA1
a737e6dbe5bd43874b6b49a8ac947b36f406d47c

SHA256
fdbbab8f74ff0685ddbae8725bb34b645af31f70da755eee412e6c64d78627eb

SHA512
211182d1b99db02f0bb92786d57bc1cc8db182b4d56b5493c26059cdbb651fbf59a4ae0e9c712bf80ab94396e42c0ddd75ac52dc02422668b3525bc7d1625ce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
47KB

MD5
2b5dfb1918c67607a49e6f784b48797a

SHA1
a8830395cceb8de7687b3b751c6626546f307d47

SHA256
5aa5e0d95839092c4545fea0928eeffac76690e8adf533d97b600e97250dac8a

SHA512
eaab7c07e1dc33f43aae512b77a2217af2189aede83c97dc73f2be7a17da5b1a242f47c7bd272ab13c9513d837fce6ce0ed0114b27971543370413b2a9c5dcfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
753KB

MD5
2a283c0fc03a66ed6276ac8cd23b6c99

SHA1
79cbe1c0c2f1e3acb5e3d85970207024ba1c757f

SHA256
0d044d038870bdf1779be17b1ee25746cc8f39848a22b5960a8bdc591d042da8

SHA512
7d4126e07c0dce56ad44a52c21e3d12ebbf74336f51a389d2ed47b798f9a8ba1dd527072cc531f9a4dba1bc57003d865cea4d66cafacf7acc162525687990cc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
32KB

MD5
eeed3865918f5f4f828ba620f28ad872

SHA1
1a9c62fcb83b3b07e93bb4598e26fec821ca8729

SHA256
bd990ace13afd11503454ac99b3795d6d10d71f22f2805feb6566d2469c59a4c

SHA512
ada4f8269e3984782b3d5ab29cd5655636f431073266367fe9d602e338a208aa359a72ec3145e3131eaf1ffcd4a5154dcb1e7d9a0aec989416fe0293e13298dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
32KB

MD5
c3a6cdab067beb2f78014e56210ae536

SHA1
bd117962b45336e96e576c6243009e602d09ee47

SHA256
e605878123ff1aa07ad7665de4fb689d90ac89e2cf51e91428324d213f540ba0

SHA512
7fe893fedf95ec495216ace819e096448b544c32634c948a634e4e793b7ebc6d7740d7b739343412eb7af42604c9ba37deeadec016bc3caf286166718358ba14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
116075f30a13f0c454c000989a43bd96

SHA1
33855759348e0b438a7a2feca82db696404cfbdd

SHA256
174c1035d19bb033a6a8c5ef64db30af41451ca85655d81df97f4adbf58d3c9d

SHA512
459740e57fd2ee923c34728ea8eb65e5d38d2c714a03dd60080703a3e7e90f14a7c4b08813d7ab7bc56904d01b3b892634372ebe443da25b4deebe499cd20b76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5ee7759afa961f717188df8a7ebcde0d

SHA1
7b5d27e47fce864a514f44fd941952d9892a5acc

SHA256
f3e214f9a83a39f76af4c3be8404644eb234e1580a72a9b9d6d79dd0f3505884

SHA512
ede30f2845263679581f219705ac6e19b39161edaacefa0b4623412fae52dc7c2e7a95b09fed9e2d8835611b5e77a4b832f6b2754e0513d4e6346a7e4bbac4dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
481b4ea478791783029753bb0cef27a3

SHA1
2da74b77d7c64d4d28e1c4fe37e008eaef05a43c

SHA256
a0e81db532d2d903c63d1e7d812339e779232f4cd942007c2e5fd5dec177ec63

SHA512
359dd1c1bc5e02692ff8f5d8c493bf589c1ab748dc0b1edeb90d78e89a64c09839327164bcc8851c2f7734844d3994709c748203005bfc386e71e2ffce6e4445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
c905aa0a4165c9f3e54e9dc9d3e02977

SHA1
0c14b6acc5cbf292378534c1f478198182bcbad3

SHA256
211a1270ec93f4a561c92b4572f31c9b2681b0a804203111c0b742b2361258b4

SHA512
3ec022775df2bda72219665a8974d5baddf1e242ac386fcc01c82f8cd6eae1246a83fb90ab5eb24bd72e13745741d78cc16273ca06594489f53364d6ad315c42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c0383f4437684827d7ca2ca78f8954e1

SHA1
7aa65d6dca9c425efa51e0540a5681700a55cfa3

SHA256
c9fcb1998a82412019c366397b5c1dac374bbea81216ca8d618744e5a9fffa5f

SHA512
af6e3389527b37df010181587a519f005a3f68ce96c12b3ecc1493c62abdd4c2cd4dc7ac31892d80616a16ba915652891adb8fdb0d038ba5b95144928e11e0e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
5904f9ee45543a145ce21e7fec440ec7

SHA1
bbe53923322254c6ac45d7f93e1af5c2203416a5

SHA256
1e1db547caf5e79005315f6632d00abd2b74465ee0f994ba3eca778a38c99b05

SHA512
b280e2696c57098fba701382e115bcf036bfef90de6cd13ffa3ad112922d3f89ed1f6087429c67e986e3a0e9b8cb41944a6fe1424e2abadfc62a92c3a3538e18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2bcd88933c5e92318027552dc47ed880

SHA1
2b99c02a969f9bf73a2e445ef06052b9300d49c1

SHA256
b7337b51484e401087295b1dee642ca0b666c753c9a4730e6bfbbd6519ceea25

SHA512
17d05aa0c4048bc31787905e6794a6039bf487ebb77122d8fd6870226ea6d2944b8429a4a3e25aaf61ec48cfcfb4c8ec1c2683ad9cfbe2ff1344fd13f34ce58c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
be2077fb81e04ad95117f3825b132e3c

SHA1
f65b6058a1eee60042c32e773d148efbac73de84

SHA256
de6ed8ac464733dc920ec9e7a6e85a9c819c1f706c1afa59180c83d019e217c2

SHA512
e201e6acf65f4f62e04ea1f3da34b31a273b3fe76a532ab9b3c55bac1045f210b58b3b5ff93dbc573fd0fb404561e1fecc3d162d489469e67cf5655aa410484c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
54d2e15fbedf9abc33b8cbd93ac15f4f

SHA1
8637bc9f010494f11ac8caff8036ba220f6117f9

SHA256
3798144a1f9a93f348850e69dd187e674a208874e92e488e61454faf3adc002b

SHA512
5250f8d7e49ca1d14a45afa5d8676a61b5bde66d83ba03cec7f9262e28ebff0c675b9b6d27e47e152d1562c00fe9af51675e877c9dbb47ac191f76969a5386ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9b82af0712765746670a80b74d841995

SHA1
d250c491c9ca47a02c96fe5fe1d589ae066e6cd5

SHA256
49a40d3dbd9b358da3db8ec30eff13ec42f6b3c9c3d5136ff869e857ba9c751c

SHA512
c3bc4a75164d61209d47892013bab2531d000591f5891ba917b08e27b75c54d0fa945f0722cf65e1ef3c7c413378fd327c70431f4ff3e1ddaac2779ecd4ed0a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6a8f687b2eeaaf8f1eca96da2051074c

SHA1
7e6919e4809bd3c317cf821fc53d58130456b036

SHA256
b46a319a780399260cfae4ad3af0536e7e4c74055683065e070d78d01071efd1

SHA512
cc8edeeccab962e0cf5de3af8411a337b08e56c9c0c1c87eabdb04c9d89bebee283e2bc96ebf9b0f4f8b85b9d2f10e484d8f6cc487a374094eb1ea78bfcdefe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dc06e4483dbb6ec500fc5bc4786a240e

SHA1
3f5ba71544da52b77f3341ad32df82613335ba20

SHA256
0fedfed42253c6c3e5c56ef4f72d22cccc69116cb3838783a32b1e57a0dbbf15

SHA512
eaf10b3954fbd7047c94d1fb3555fef62e46e448ae57bda1f8d18a78c38e95370ba3eeca7acbfbf96dbddbcc795725c7ded4b9e0b5ce459f4c5261e33463af41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b6b9f5a787722982c8f5fd0b020d2345

SHA1
bc53b7f71c5cde8e20eab73fb0a40ad90d7b59fe

SHA256
4c5e0cd5a4c65c64850b7580d1511f64abe6d223cf1c6eacc47f8db192c852ca

SHA512
8f02a2e5aeb9703b70306f0f79b65aa5bfbf550a41e2d916f4b772e070c5d9eab18f6fcaff743a76bd9a86f221444cd669efb91538cd5136d3ea90f659ebcf5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\06a5f921-ec3c-4cac-b9e7-fe2811e45922\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29897215-1842-4645-86c3-ab67b3a82d7a\index-dir\the-real-index

Filesize
2KB

MD5
969433454786cfdb604c9abf3ac6464d

SHA1
ec90584de4311a0c34ba50667ba3dfebdbe36c93

SHA256
72dd7f68e3684d308de8f710c27afd2e91490f1d2fb61874152b371d53a77d0f

SHA512
14e07e5d359d7891843deb86ec21a2b9e525fa9279f627dc44187e46f7862b879f5643ee672a54ab5fd7d5f3d88ea05934bf5502b20277065a5594b1e5792374

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29897215-1842-4645-86c3-ab67b3a82d7a\index-dir\the-real-index

Filesize
2KB

MD5
08db69ccaa3872368137afd9847a5e19

SHA1
bfdb53729a8c5d434ccca351f05c32e198e22ac4

SHA256
d3448f0d25f818648bc6dcc33be56848db98527cfc2b51bff895812ec51784bc

SHA512
c8a3d8388eed71b0cfbec14263ef81dae2eba40503962a240753f141862afece7e20897aabc01a50ff30b877658714c77e43f34252a75c6476d8f3f2d4193ff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29897215-1842-4645-86c3-ab67b3a82d7a\index-dir\the-real-index~RFe57e59d.TMP

Filesize
48B

MD5
8227e4eed42d3610f0f7db93255c9899

SHA1
d3e43393860eb4c08d0e26e6eb78c1553146df77

SHA256
0ddb96e56b65005413e658faad7b8776c6684fc26cda6b1eaa5bf5088009594a

SHA512
20afc59fb99017038b922e3528a0047eb56414527deef756c7b79854ad3f37d36df4c75701d2c9c3e3d0266c83cfe0cf041fba11b1463721c1937765d4079073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c92d28ad-d49e-451f-a28d-f8f8175436b5\index-dir\the-real-index

Filesize
624B

MD5
6587535aadddcd1cc152ed9d40049ac0

SHA1
48fe08cdc8f164f0f958e1eb3290ed85e471dec9

SHA256
fed93b2ae71854bf590c3cd85efb9bfe06c6a2f4fda7fc0549fd3e5cfa1a81ed

SHA512
f5944a22cb7d8ddfa4c4fc1d2d97ee285a579ddb51ae684562d6c1dec00dd6378e36612c02c2754713aad9435c338a5fc5f484f9ba7f18f78d71fcee824a8d89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c92d28ad-d49e-451f-a28d-f8f8175436b5\index-dir\the-real-index~RFe583d52.TMP

Filesize
48B

MD5
b0c7e5e61d33bc085f02e3be2a6e143a

SHA1
107cec11087554c8f578a1edcc3daaf73ac07a68

SHA256
b2b3fb19f2ef6ecd7e764fefc611530f70aad2a513ab03bc4af81c8a48097ede

SHA512
e1b2a107209c0bb6283718393f847fdf55ab1f4f6ac629c295e5d687ae1a62bc9a5d1dc4a17a3b7573fbacb951df981633e92b4c9d1ead5dc00601aba6c01aad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
aa31218af494027ad36a7a00659ce42f

SHA1
57c3cf510756312703b25184a6aed25eaf283000

SHA256
a278ac3dd1caddb85439e6fbedba44e76b450641c8a9a2deb6a98c910bc0fff8

SHA512
4458279e84dcc2791ae201f70f949a235240e6054d3ef70275fd07032a0853779e383ff43239c7814d3618a7427cf58c12b655db59124f9bcedba4e3b38e4498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
452f344c351b24cbaf1bff9c6d9110ee

SHA1
97733d802ecfe0257309ff593bc0033e31478476

SHA256
91fadf4f4a1cf39828866def0a56c9ad9b71c4434a20b55e1d3d96b8c20942c4

SHA512
57e19c0f714cedade0f6dcf8ea125ff60cf90daadf5831c6c2ae3b7d78c9073fa2bccf23a9f13a658d9e23491cb4331df909c3a346a5faedbabcb4f0b145de4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
61ca2e04d9fb9a1c4ded4575d1ff7fdb

SHA1
a5854687a6c4590e70b662148fb1701deac63e4e

SHA256
8135480f0f77dc5c6a994c3e5dd8cca43944c4b519919fd0831db8a9e710a2b8

SHA512
d4aaaaac064aac5bd7f098bc909cc92104f11ca50372db39fc693fba9f6ae2c486d5688e9dd6e1f1cfce2ca1fb24a76f7951e7cc5cd6ca2d9548190865194323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
379e995cb08eb0298aa309eb68d3e84b

SHA1
525c1058c11dd63fe5ebc01f766553f0b7124347

SHA256
ec1ea0b17ba7af2917e76ec9d4bd853fe7783ccf715a45586365a3666adfe3b8

SHA512
55574b145a1ff0b894911a57bab6f89239e7ece60ba648fc6cc28db3717cfa3adc2961ccfdb5c3770bbef714fc9302dcd0dd87c442aefd5a4c11a7bf839ecc99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
8154651f1a8b84c6561f56014511a326

SHA1
54f21a58ff985bf52856a607da75afd998405f01

SHA256
17c1d121b8c197e7ab538022f42e5fafb7e04cd28b86498aa5ccf3106297d1b8

SHA512
28e574ee0482094555405f9c37109ff1324bb9bab85085ce55afb13563589e21c0a7ae632bc7ad2dabdfe40ab2b66aef1756676eb0d0286643df3a355d5b2eb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
fe4d3cea03b417fb3985168638b60442

SHA1
c85dee4fa88bdf1b3393492d63f30016aafa43b1

SHA256
ba9c35d3279e050799ef31aa6acda35210757791de9537af12b0c754ef83f6b2

SHA512
c8b11bfc2bdc3e06de4444ae84b6e4910dcd1feeb70e840d3c22a7c6463c551b888bfc7413a86eb5c28ac14ff666eabdd68756aa485679708f05b20fb3006e28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
624f6c03abdd58b2c198276ad8f10b96

SHA1
8f6c8833829e4de2e215430dc4ff9f95a2bcdf24

SHA256
638b04b3e4081c42ee3ae6a1ec428b9bbad626dee71845d4fda84493208629c5

SHA512
b2637d4eba2dddf9b1f36b5a0a0ea11c8f0336ae64b2e0ef5f1e7ffea49f2da091da94c24331aba9af41adc4dedb925195b23e6f54043daa245d0529eb951870

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
bbe4f8bd884068f05a64227707a97591

SHA1
dca639f0e8250f4ece5aeec48c88d1d6d64746fc

SHA256
7c767682600f1194c464f05d90fce9f5b625c50296172ebdc13d82b7118ec917

SHA512
759103f78d46dcacef074e80ee7b1bf28935fd742f464c193a7e977c4d8b8c6abad2e7c377466867882f51612823c79b7d855ea16ff0cd0015f3310e6e1ff56c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
0495107ce6e8657aabdb7e1556ebb43b

SHA1
cc4d7048854609b00fb097ab547828a095686851

SHA256
efb61c682abd8d2da8561ba413e1e7383df9e9b2e827cf81cb86c68b68629382

SHA512
4de1f36cde8c00fea99fd9d82fcac265b3ce5a09aac66e1ab6b87e66b7923d61c7b0caa332e3f803a6942c842a24521f666ce56cf829f7cba2959e8ab586e379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583795.TMP

Filesize
48B

MD5
dd442505d16bd8b29619dbbc13bc07f1

SHA1
3b57246a099ebbe6e51e98a7cfa739bbaddf5fca

SHA256
78927345fd9c0a20ceb153f61c34043903eabc481c43f8b7b446883874bc7b95

SHA512
1a715606dd2ea8ef2cbc93768ff129b67b3deb17174dd067fae6f4f42b818e849d9293a817d6b1a548cdd04e4ab6ef6f805658102091b6478e731bfbad67167f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
afed7f0476da7d78c6630be93a185acc

SHA1
cc841f82f990cb88e08f0cd4731cfa1d0f105b1f

SHA256
3176987577a34f5deebc35dca662a39766321e69d6a69af6f88481e630449de7

SHA512
79235f8dc02822b2002aaefa2f9c8a21503fff37c69ac3b032265c2e3e0277563f67bf54350b7739d7bec0928ad570f54c7e181f3c08d5e5877e515749da5581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e467448cbafb1093856ee4af836b6699

SHA1
ca85c81f375b32755e99812542baac7a5eab45ce

SHA256
24859bf0cd6abc5f66fa18756c14d31bc08cb4c15903c8b7c993406f050d865e

SHA512
a0144a377c0d9d3cb88107a21407c1f4f28145e56cde5e47030ca79ae31ceadda56a9bccb9b413d63d6af0af35f35e6eb83227ea011952d70721443a7c999609

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581018.TMP

Filesize
1KB

MD5
1c517112c28dcacb0b57e22371be3c6f

SHA1
0b18e8069d712b71e6662b18abcee39cdcbc4aa3

SHA256
2696102653b3f6a480a7be02793f83dacaff7a562cb14f56f3b99e61bc4d0570

SHA512
3033d8f191d64c80938ebc5347146cd5a96672f2b9c254079189cb24544c384913d6df91685657de9552d2986193d7467c36036d6cde2284c7aa5299b32fa559

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b33394a361c3836cf0f38c8b88fa1716

SHA1
4823c21ec986dc1fb88e005c04d52d8d64d08e18

SHA256
861c27738cb9c991dd4ec376924de680d831db4dc708a72c041c79914a2143b4

SHA512
85eede7fde2ee7c3a240fd5dd1f2d2f1e191bec6e4398cc5c5c98c84b5309b23b32a9e350a92aa528a43751b89def6a7dd3dfead94bb167fb75c31fedce4786d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\CENTRAL CEE FT. LIL BABY - BAND4BAND (MUSIC VIDEO).mp4:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/1524-1275-0x00007FF622B10000-0x00007FF622C08000-memory.dmp

Filesize
992KB

Download
memory/1524-1276-0x00007FFE188E0000-0x00007FFE18914000-memory.dmp

Filesize
208KB

Download
memory/1524-1278-0x00007FFE1C580000-0x00007FFE1C598000-memory.dmp

Filesize
96KB

Download
memory/1524-1283-0x00007FFE176B0000-0x00007FFE176CD000-memory.dmp

Filesize
116KB

Download
memory/1524-1277-0x00007FFE00860000-0x00007FFE00B16000-memory.dmp

Filesize
2.7MB

Download
memory/1524-1284-0x00007FFE175E0000-0x00007FFE175F1000-memory.dmp

Filesize
68KB

Download