hxxp://youtube[.]com

Analysis

max time kernel
266s
max time network
300s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 22:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youtube.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4528	msedge.exe
4528	msedge.exe
3348	msedge.exe
3348	msedge.exe
648	identity_helper.exe
648	identity_helper.exe
5188	msedge.exe
5188	msedge.exe
5188	msedge.exe
5188	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1052	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1052	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3348 wrote to memory of 4100	3348	msedge.exe	83
PID 3348 wrote to memory of 4100	3348	msedge.exe	83
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 1204	3348	msedge.exe	84
PID 3348 wrote to memory of 4528	3348	msedge.exe	85
PID 3348 wrote to memory of 4528	3348	msedge.exe	85
PID 3348 wrote to memory of 2816	3348	msedge.exe	86
PID 3348 wrote to memory of 2816	3348	msedge.exe	86
PID 3348 wrote to memory of 2816	3348	msedge.exe	86
PID 3348 wrote to memory of 2816	3348	msedge.exe	86
PID 3348 wrote to memory of 2816	3348	msedge.exe	86
PID 3348 wrote to memory of 2816	3348	msedge.exe	86
PID 3348 wrote to memory of 2816	3348	msedge.exe	86
PID 3348 wrote to memory of 2816	3348	msedge.exe	86
PID 3348 wrote to memory of 2816	3348	msedge.exe	86
PID 3348 wrote to memory of 2816	3348	msedge.exe	86
PID 3348 wrote to memory of 2816	3348	msedge.exe	86
PID 3348 wrote to memory of 2816	3348	msedge.exe	86
PID 3348 wrote to memory of 2816	3348	msedge.exe	86
PID 3348 wrote to memory of 2816	3348	msedge.exe	86
PID 3348 wrote to memory of 2816	3348	msedge.exe	86
PID 3348 wrote to memory of 2816	3348	msedge.exe	86
PID 3348 wrote to memory of 2816	3348	msedge.exe	86
PID 3348 wrote to memory of 2816	3348	msedge.exe	86
PID 3348 wrote to memory of 2816	3348	msedge.exe	86
PID 3348 wrote to memory of 2816	3348	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youtube.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9657b46f8,0x7ff9657b4708,0x7ff9657b4718
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3640 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 /prefetch:8
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2756 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2516 /prefetch:1
  2⤵
  PID:184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1772 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,475168148086413264,10533967708958686246,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5056 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3708

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c0 0x338
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
70KB

MD5
4308671e9d218f479c8810d2c04ea6c6

SHA1
dd3686818bc62f93c6ab0190ed611031f97fdfcf

SHA256
5addbdd4fe74ff8afc4ca92f35eb60778af623e4f8b5911323ab58a9beed6a9a

SHA512
5936b6465140968acb7ad7f7486c50980081482766002c35d493f0bdd1cc648712eebf30225b6b7e29f6f3123458451d71e62d9328f7e0d9889028bff66e2ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
23e76a4606deb4b09f6dfbf04301c6b3

SHA1
22a4585ac8a26cd04ebf8e2f2da055dac423845d

SHA256
b16dd8127abe7de5d846cc567c67c5f5c49b2e12495fe0c4d178b35efdb1c414

SHA512
993c196f22abe2c9b5837a246490df24a879820cd663f37a1cce08f46b5dbfa9d418f9f5a21af2b3d05c7d8add54587b25b103a377dcbe3017f94299f606ebc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
5eea3f13ae74836986d0e95ad2b2b6e7

SHA1
00acf1d6201d151500ee7623bfb1c93cff78826c

SHA256
ba8bd6abdf8f22eb7b72f90d05357cb820bc9e343b953e75f583dcf0e23264ab

SHA512
94f2022ae8f0e771ec3a348f37294877da0084194f6edac1a9b2ee0b138b8d031d0cd5908bcd09a018c6f3d2402a1d89fccda860cb73cef7d07e215f52fa53ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
91fb22dbb562670521d277e15f7c269a

SHA1
44dd562023a635b583c28407b3603abd2400dad9

SHA256
b3963af3cfe105943a60c5b4a3a38032215e13332a6d0d8752d76ebbca473062

SHA512
1d49f51d865c513cfc9264a6ea693d9d8908c4380ddffab2ef94d32905e7bf3f0e5adb25d6be2656465f6ed2b451ff14de2bf3f364f75fe899befe899068a458

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
2db4a34bc269c079a03881501f6feaf0

SHA1
1e90740dd3142220a17da9f9818f96edb46d6080

SHA256
1197620f269c4de8b427d1c20dc1eedc76ef478581d70f849f444af779968779

SHA512
fa03538bf0e5c1feba8a702a2c397d10383eef04bde170eece10c590aa39ac45bc3f8e20ce163ab1e5abc19249c5c0cf2b35b7a5b6e240e76cdda2b18af829df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
07aa0642fc84b3b074b641d63acfd644

SHA1
b25b6befd499f3b2b521acdb8111dbd38ec3b8bc

SHA256
54b3a415d892adffc728b35949b0fd2b39326904c34a87a053e04c0a3882852f

SHA512
e6a9f51b2de8b671c5f8c574df9a3a079f897dac7b43805f23704c6fdb857e42261ed0880537797a212e5f1b4dd84c1ac8f7b60beac7301643fc1748ee90adbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
45492acda9e0cac677d1b49e49633c7f

SHA1
b73e1fb6e16c7c0ad921c780983b2171093bf9f5

SHA256
5eac560cb39e7b365608587bc889a640300ef282cc5b7751c13a7fd872524733

SHA512
2c6c894e7e5a5983151ee61295d1dcddf86ae76fb5dede786b177415f78345bb62a299cf90ec52ca071829851a22923d8708937bc47d89df4d37c07c84555779

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
9e512bb65eacbf5da05c519a4fc27350

SHA1
2bc14734e4ff3a26f81def88a10e4ed67c9b5303

SHA256
1f6ec25ff729af3933d2775dbb1fe67e4fe7aa825f484db055881bfb5e49dea6

SHA512
404f13e8ca9780b2eeda066cc5e6762f68b12f2fb917af3c9658c885364a8a533c1365784969134eb52b3131ecd29e6791137b0905ba69ff3e804876f755489e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
31f745b131d0b9d2dc978d0fc4e1957f

SHA1
24261f69b6577c63bb767ae127c4f9d04c17fc2e

SHA256
7acee1bf3075473b6213f022d30af9509d8b8325df5d52b69ed3698a6ca6a76c

SHA512
9b66637ab5dae0e1d3c21a9586985445c7ec205b1d7f5ada250cebe80b4f231f106c5f91396d0db91cadcb203625eb9a79c98988fa4435cea30a8c16c61d992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
67e8573e7d72475925a982777dd0bfe8

SHA1
ad85a6b7a6e6dc5395189a7dffce40207f12a829

SHA256
f9b723f728c794eb913a2d800f24d1b5b5722bf272ab61d6c2d53dd29b771ca5

SHA512
d8ff23c6225870f7b45e066b7360a0dcec842037bbecb13a2f9d032098df7dddea5d4d64bf05483cee95b07ff49e74f97bd5b43721f5ad34fc688c9a0600f876

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
89df5decd9c586831757d3fd9b2a9af0

SHA1
6c2d42a7d75db51200569e16766c21d586db798a

SHA256
063337c3e955b4f529391e66039ff58d220152a6bb20f62f17e96e0b56c2b8d6

SHA512
0f42504a602e141da0005745150a449dc45c6088e9fb067ffb17d6aa89dbe5afef7691bbd1714d5d95a1cecc005ac98db2190d6452eb1cb0a2e36476d4dbf0fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\56a7f5e4-5c40-4061-883a-d8adfc09b03c\index-dir\the-real-index

Filesize
2KB

MD5
a7f68a029407fceb378bde671c6fed34

SHA1
d6d9d27e76721224ea2ece5a3714c74ac42a4c5c

SHA256
3354c858bef12f36861662310b07222803f91fe043c3da5b0e590f3b14740d77

SHA512
67ce01d9e1d7f366bbf8ac151de03c0cfaa7078df9e0f7efc300b05d5281ccf7cedc677c48d04dee32084e14cd07cd24330632c2fe197a1574a150762ada8be9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\56a7f5e4-5c40-4061-883a-d8adfc09b03c\index-dir\the-real-index~RFe57a160.TMP

Filesize
48B

MD5
853842d897443ed20583a15829cddb4b

SHA1
0d7d040499de6f0ca7215cac95cd8745918d471e

SHA256
3e96ae630c5098ea8ed3099aeb44e81e332dc255dc955f702f7b78ece125bed7

SHA512
5a762a3e100bbc84fb002fb3927970cb633ef186dc5dd909d5fc1c4c729479b4ae0f50324e7f6f9918083f2397e9c256430edb9f644dc9a017710c6ac606fbba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
ac53a06279491e3081bf18b12b18d9b9

SHA1
d36d4c56cfd9782f76c2d77c47af51a84f7183c3

SHA256
0aecb11d44d18633a144ce97985df113d40b7791b43d389668d0768f39882084

SHA512
76aeb783cfecbedcc5149142025d52655a85534bfd8c82f5545e1be52445ca285b88dc1e9ac0e090d05424206612344e01d83e5fb7d0239876177cfa25ca9204

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
b7f749a1195ee2857e6f4557e173e4ca

SHA1
1e2466f410a6d12f8a8c3220826edd417a4aa291

SHA256
1418651371055ab12d780640b11e9f8df7156ec5a394348209e9ef711f40ec70

SHA512
fb234fc402f6de85ca31d45d4dc206edeabe9e47e42d52cca2ae4f84728c47f0e51ee61a3f6543f9ab4e8f68cec464e6dc9617c1671e0819d5d777aaddd2da29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
193e383a4052c635235c88076b4da6ec

SHA1
2ec865d079441946bba2120d8dd3db7171c6ef57

SHA256
bd9c6f9724216fd2289e89bdab89ab5b0af010d18382b46d9055e9c64e3e43b0

SHA512
d6ff6972945997f77f5ef5fb6a3d5655228dfe02a011a9d0803f916bc881e563f8a782eccef58bbfc888a49737d2316895e6b5a6dd607c06b9846a20fae05ed3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
7378aa8e899acaebb51a8f664eab48be

SHA1
67e7bd4339848f52fb186498ba167aa80b8a3bbc

SHA256
1f0e1908e9609c0a3db683abcae1ab2725b07f5a31fc03bb974fc5552e73720a

SHA512
e7e4a75f3177e88904f4b42142e08e83d21d0d717c230c554b2bf856b3977c70bfa1bf644a7f04ab450c25042578db1585788f29c0fd62d2293e2c28951659c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
c019272d62280cc90563a1e076792a1b

SHA1
59e71b2ae39d26db7e4397f83211d75bf994a1c3

SHA256
c245fc8c9083cb93a327e86a9a401c98643c7674ff771e18af2a733df5eff3c7

SHA512
d1879c673a1362325035623c0280e2e89496aaf1dffba9678b772cccde2c83b2648efce1213e02902c6f456e095726b06eafbd123e4daaa42bd6602fa90b7bfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ef32.TMP

Filesize
48B

MD5
12793f029bc257b231856f09c1e29b51

SHA1
d457e7636fc4a24061e3b1053d0f02691ac6398c

SHA256
2966322d151f0be23deef8fd9731f3f90c607099d894d083e5511be3b4410a46

SHA512
1cf5277ee793aea0aa53e1d6e6c5a4c3cf08f2b402bd7d3079f7d4e49da996241cd0f5096d70f4bfe18f3545dd97aab540ce19394c96f9935f671b57ca8119e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f3bb08b21db5e8e06b819ac421ab8904

SHA1
ed8d506d987bd62cb39407e8c2546b9b20b63336

SHA256
14213468ab211d2c1254ed8814629972dd974e63dc06f346495a5231549a0806

SHA512
65870dfa95ab9eacb6c3ec4b4b09b6e5f1f606ab750809a78b6ff5fb72309a9983a4dd28b1b3384cdb2302911fd2e2b72bb37c5c1597c8137069f5b1cd9864d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9de5f39fab393973592034eb07a56129

SHA1
f6f4603bdd20c41015fc15b6a4c6c9a768611c5d

SHA256
7791c6b1450a3490a538c7e0ff18daedf706fb30bd0e8517ecb9612964d8c28e

SHA512
a35abbd8834690e0e8893c1c68f8c01657d80fab8955f2f499f97100711bca6729df5e250c9d78411f662e53a3556de7e09dba72d22d63284e67760aaf26b5ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
00d06b62cb87ed6470fe4c3246686ca5

SHA1
8bf202d3d769776e44fed4add79f7b14f35c7794

SHA256
c1cb7acd349304ff0235f531ee2145e02e093b318f61f11ff8be4e400faaec03

SHA512
a829d4d052d444f91e76800af9cd0a2ebf68ab6f62f05cf14fcc5db1ba38e7996ab703168008d45dcfeacf4cb5a53d236d0c1896628f0efbbafa780589d109ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
32ce4c61b2c2f27532961fe54e4010be

SHA1
f5478d6d6ccb8d32d0d16454fad47cd0fbcbf3ec

SHA256
342f74ce7a342ff2b433d94ec6c3fdb04e2b0396c8f4f3bc6628ad54105deaa4

SHA512
16c5aaec34a0855be1f311b6238d13409dd63a73450e7261512da65a0556e64f54ba72ff5b7ab29e2176dabbd64290565ded57f4daf958b57ec118c04ce3223c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a971e9ed7a7f0423eaedc5713535e300

SHA1
215bd9378fcddda890772b8bf540459b06c95dc1

SHA256
0e6730427b4e6781bfbdfc0876b9fc71dcfa68442deb4505489aa7755d95dcf6

SHA512
e70548e55dd16c7e355641fbf2f6e0f25e14ef0875dad8f18c509ee67cb1010601c7911f086894915491757dbcfee89dee9478a0c209016d982570b920e0436c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cd81.TMP

Filesize
873B

MD5
236d5d40a374eadd9a87f7c76d1e8efb

SHA1
8b96c2d7377440f2883123096d5993eb70136de2

SHA256
1631d35714faab3e90c8b1705e4ea7eded3ac55c9d35c7f3d33fd24367307f21

SHA512
7526d23d4744fe0d2183fcfe818228939d6f4bfddc5b1efec8788a55ec45eeed89487e1533813f38e8fdfab4fe5149cfc128b904a89a24025d03eb450c1fd1c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a181d782c3fd9b3caad4fba408e71cea

SHA1
d93ece50395c79baee11115d333e9a6d1a21d003

SHA256
784186411584b632fe7c6d934a4ed908cf39090052b2128520548ffe91db5577

SHA512
d3b736e88909b691de8dc1a7712be92df771113a83fc787df3da8f4f8da80aa7fcdcd642844ca54e560696ffd2bdd90482d27e581984324284e6647e0b0a08b7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
72067edf3e2f42c712cbc536486b43c1

SHA1
84409b54b03a61cfc6d1112f5a0ff4ca2f8083aa

SHA256
7482f0ceda6d236d36d1c1cb18ce2abb5fe907de36ba509b4ff6537e6c7a74d8

SHA512
54c0da0a7288fbe05987e49d6265d9d5ccf4b7b37ec8d5be27063c89a002b0d3af84506c5a1ab8c6f294bb3317fbf4427bfb99b1ff4dd2e71b91930146d84443

Download Submit