Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://file.io/Ak7A...

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-06-2024 15:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://file.io/Ak7A94tKrLXb

Score
10/10
xenoratrattrojan

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Rat.rat

Attributes
  • delay

    5000

  • install_path

    appdata

  • port

    1232

  • startup_name

    svhost

Signatures

  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • NTFS ADS 2 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 3 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 35 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file.io/Ak7A94tKrLXb
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1844
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef34646f8,0x7ffef3464708,0x7ffef3464718
      2⤵
        PID:1408
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
        2⤵
          PID:5036
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:5044
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
          2⤵
            PID:464
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
            2⤵
              PID:1036
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
              2⤵
                PID:5024
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
                2⤵
                  PID:1568
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
                  2⤵
                    PID:3532
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4036
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5640 /prefetch:8
                    2⤵
                      PID:3448
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
                      2⤵
                        PID:4064
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
                        2⤵
                          PID:2480
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
                          2⤵
                            PID:4484
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
                            2⤵
                              PID:5156
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6292 /prefetch:8
                              2⤵
                                PID:5240
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
                                2⤵
                                  PID:5488
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6800 /prefetch:8
                                  2⤵
                                    PID:5528
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
                                    2⤵
                                      PID:5824
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
                                      2⤵
                                        PID:5852
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
                                        2⤵
                                          PID:5860
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
                                          2⤵
                                            PID:5868
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1
                                            2⤵
                                              PID:5876
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
                                              2⤵
                                                PID:5884
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
                                                2⤵
                                                  PID:5328
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
                                                  2⤵
                                                    PID:5508
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8252 /prefetch:1
                                                    2⤵
                                                      PID:5160
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:1
                                                      2⤵
                                                        PID:4768
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8420 /prefetch:1
                                                        2⤵
                                                          PID:5232
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8572 /prefetch:8
                                                          2⤵
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:5280
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8796 /prefetch:1
                                                          2⤵
                                                            PID:6256
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8956 /prefetch:1
                                                            2⤵
                                                              PID:6332
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9084 /prefetch:1
                                                              2⤵
                                                                PID:6340
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9068 /prefetch:1
                                                                2⤵
                                                                  PID:6348
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9332 /prefetch:1
                                                                  2⤵
                                                                    PID:6356
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9360 /prefetch:1
                                                                    2⤵
                                                                      PID:6364
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9580 /prefetch:1
                                                                      2⤵
                                                                        PID:6372
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9588 /prefetch:1
                                                                        2⤵
                                                                          PID:6380
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9856 /prefetch:1
                                                                          2⤵
                                                                            PID:6748
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
                                                                            2⤵
                                                                              PID:6156
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8288 /prefetch:1
                                                                              2⤵
                                                                                PID:5248
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
                                                                                2⤵
                                                                                  PID:7032
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
                                                                                  2⤵
                                                                                    PID:5288
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9616 /prefetch:1
                                                                                    2⤵
                                                                                      PID:7628
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9472 /prefetch:1
                                                                                      2⤵
                                                                                        PID:7636
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7744 /prefetch:1
                                                                                        2⤵
                                                                                          PID:7920
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11156 /prefetch:1
                                                                                          2⤵
                                                                                            PID:7928
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13581529473903344740,5581768408090071215,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3464 /prefetch:2
                                                                                            2⤵
                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                            PID:3668
                                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                          1⤵
                                                                                            PID:4648
                                                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                            1⤵
                                                                                              PID:8
                                                                                            • C:\Windows\system32\AUDIODG.EXE
                                                                                              C:\Windows\system32\AUDIODG.EXE 0x510 0x4ec
                                                                                              1⤵
                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                              PID:5708
                                                                                            • C:\Windows\System32\rundll32.exe
                                                                                              C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                              1⤵
                                                                                                PID:6148
                                                                                              • C:\Users\Admin\Downloads\file.exe
                                                                                                "C:\Users\Admin\Downloads\file.exe"
                                                                                                1⤵
                                                                                                • Checks computer location settings
                                                                                                • Executes dropped EXE
                                                                                                • NTFS ADS
                                                                                                PID:7088
                                                                                                • C:\Users\Admin\AppData\Roaming\XenoManager\file.exe
                                                                                                  "C:\Users\Admin\AppData\Roaming\XenoManager\file.exe"
                                                                                                  2⤵
                                                                                                  • Executes dropped EXE
                                                                                                  PID:7304
                                                                                                  • C:\Windows\SysWOW64\schtasks.exe
                                                                                                    "schtasks.exe" /Create /TN "svhost" /XML "C:\Users\Admin\AppData\Local\Temp\tmp9D88.tmp" /F
                                                                                                    3⤵
                                                                                                    • Scheduled Task/Job: Scheduled Task
                                                                                                    PID:8164
                                                                                              • C:\Users\Admin\Desktop\file.exe
                                                                                                "C:\Users\Admin\Desktop\file.exe"
                                                                                                1⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:7768
                                                                                                • C:\Windows\SysWOW64\schtasks.exe
                                                                                                  "schtasks.exe" /Create /TN "svhost" /XML "C:\Users\Admin\AppData\Local\Temp\tmp6D5B.tmp" /F
                                                                                                  2⤵
                                                                                                  • Scheduled Task/Job: Scheduled Task
                                                                                                  PID:7784
                                                                                              • C:\Users\Admin\Desktop\file.exe
                                                                                                "C:\Users\Admin\Desktop\file.exe"
                                                                                                1⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:5500
                                                                                                • C:\Windows\SysWOW64\schtasks.exe
                                                                                                  "schtasks.exe" /Create /TN "svhost" /XML "C:\Users\Admin\AppData\Local\Temp\tmpE1EF.tmp" /F
                                                                                                  2⤵
                                                                                                  • Scheduled Task/Job: Scheduled Task
                                                                                                  PID:6812

                                                                                              Network

                                                                                              MITRE ATT&CK Matrix ATT&CK v13

                                                                                              Initial Access

                                                                                              Execution

                                                                                              Scheduled Task/Job

                                                                                              1
                                                                                              T1053

                                                                                              Scheduled Task

                                                                                              1
                                                                                              T1053.005

                                                                                              Persistence

                                                                                              Scheduled Task/Job

                                                                                              1
                                                                                              T1053

                                                                                              Scheduled Task

                                                                                              1
                                                                                              T1053.005

                                                                                              Privilege Escalation

                                                                                              Scheduled Task/Job

                                                                                              1
                                                                                              T1053

                                                                                              Scheduled Task

                                                                                              1
                                                                                              T1053.005

                                                                                              Defense Evasion

                                                                                              Credential Access

                                                                                              Discovery

                                                                                              Query Registry

                                                                                              2
                                                                                              T1012

                                                                                              System Information Discovery

                                                                                              3
                                                                                              T1082

                                                                                              Lateral Movement

                                                                                              Collection

                                                                                              Exfiltration

                                                                                              Command and Control

                                                                                              Impact

                                                                                              Resource Development

                                                                                              Reconnaissance

                                                                                              Replay Monitor

                                                                                              Loading Replay Monitor...

                                                                                              Downloads

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
                                                                                                Filesize

                                                                                                226B

                                                                                                MD5

                                                                                                916851e072fbabc4796d8916c5131092

                                                                                                SHA1

                                                                                                d48a602229a690c512d5fdaf4c8d77547a88e7a2

                                                                                                SHA256

                                                                                                7e750c904c43d27c89e55af809a679a96c0bb63fc511006ffbceffc2c7f6fb7d

                                                                                                SHA512

                                                                                                07ce4c881d6c411cac0b62364377e77950797c486804fb10d00555458716e3c47b1efc0d1f37e4cc3b7e6565bb402ca01c7ea8c963f9f9ace941a6e3883d2521

                                                                                                Download Submit
                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                Filesize

                                                                                                152B

                                                                                                MD5

                                                                                                dabfafd78687947a9de64dd5b776d25f

                                                                                                SHA1

                                                                                                16084c74980dbad713f9d332091985808b436dea

                                                                                                SHA256

                                                                                                c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

                                                                                                SHA512

                                                                                                dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

                                                                                                Download Submit
                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                Filesize

                                                                                                152B

                                                                                                MD5

                                                                                                c39b3aa574c0c938c80eb263bb450311

                                                                                                SHA1

                                                                                                f4d11275b63f4f906be7a55ec6ca050c62c18c88

                                                                                                SHA256

                                                                                                66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

                                                                                                SHA512

                                                                                                eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

                                                                                                Download Submit
                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\17492625-a4a2-4db6-82ac-59a550e25a6d.tmp
                                                                                                Filesize

                                                                                                5KB

                                                                                                MD5

                                                                                                33e234b5d2b38e0db5d761ad463e96a6

                                                                                                SHA1

                                                                                                0fa31577db54744f5cf0c5974f2a8d8e0747a7b1

                                                                                                SHA256

                                                                                                866ba412ae6caf99263e2c7ba479a2e96b3f5119f62ed13d4cac683190baaf00

                                                                                                SHA512

                                                                                                d839d680767838ab11abb44ba13bd01ad94e48476bd8eb49ffef1706a8dd0979cb27a9f6504c25c1269736cce345567bea0f64ef02030b7aeaf705571c799e64

                                                                                                Download Submit
                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3fb98db0-58dc-42d4-8a80-a1fd4a3a1d87.tmp
                                                                                                Filesize

                                                                                                18KB

                                                                                                MD5

                                                                                                60e32a4800a0380cb1dc3020be69d0b0

                                                                                                SHA1

                                                                                                93ef286d6682f5d6b10ed15161ea533cd5d66c39

                                                                                                SHA256

                                                                                                2631d66012a8fdb88577a05a1804addb34f1f516fca882ed6d45ce1992c25a29

                                                                                                SHA512

                                                                                                5d24e3cf57bb3319a8da7ebdeea1f87da2df01491c0a8fa34a13b4a4d574c156afafa17cddd9d5a8251016a5c56689115d775941d07d706a2f19781f68accb2c

                                                                                                Download Submit
                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9061c16b-f25f-4e7a-bdf6-9e32081cc2f3.tmp
                                                                                                Filesize

                                                                                                10KB

                                                                                                MD5

                                                                                                dde345bf7ac1a70beef20395b8675e7b

                                                                                                SHA1

                                                                                                8fa0686444e7d955f47526c9d81d81806588bbf6

                                                                                                SHA256

                                                                                                f127a6ddf2eb5001eb091d0c7549297d0297d8c0e8d45a39bbcc4b7659ce5f24

                                                                                                SHA512

                                                                                                593dd4f914910e7f1f3318d27611598588a3dd51c6c7fbe50adc93c071a284ed95f8ecc6388e1ec164e5d7fcdfcb3c50cae199ad71e94f3d56b35b64eefb5aab

                                                                                                Download Submit
                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023
                                                                                                Filesize

                                                                                                1024KB

                                                                                                MD5

                                                                                                4322f0449af173fb3994d2bef7ecb2e4

                                                                                                SHA1

                                                                                                b6ee5c6f76b8eee448f6b4b2b56fa1ec39653934

                                                                                                SHA256

                                                                                                0502e6e2f3fc54a30dea0eb07eb19a395c7ea6fc273321a49a4cc977a59b7cc9

                                                                                                SHA512

                                                                                                d8bae6131a5a8a1fcabb2d7efebc6cdbba27955fb77484a5d87dbce7a237c0cd5e19b74b4dad28312929ad732d3b80cf3d7f15f059c88438d0bc6ff9535ceeef

                                                                                                Download Submit
                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031
                                                                                                Filesize

                                                                                                250KB

                                                                                                MD5

                                                                                                9a23e02c51224896115a872ee5f62800

                                                                                                SHA1

                                                                                                447ac79a43947ca2519a6a9e4d63333c81156c06

                                                                                                SHA256

                                                                                                f6acbc67934394aa13122f6cb281e96a0765dca464725108b63b046da126831b

                                                                                                SHA512

                                                                                                9d1e4546a4ced1959212bd1c0f0f8f8a09e6d69b85db5d9cd0172c614745c46143b269ac9a47253fadccfd5834f2db03d35398db16419607b4e749fbd8938321

                                                                                                Download Submit
                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037
                                                                                                Filesize

                                                                                                1024KB

                                                                                                MD5

                                                                                                4a759cd64bbfa02ae56a61885ccf0d10

                                                                                                SHA1

                                                                                                25ae79b88eeaaeaae85ffac9fd496d13ddfc5a06

                                                                                                SHA256

                                                                                                f9d4aed54628f2870817cbab9b0f84b8d364bfcc7118adaf1ddb8c86e70e97f1

                                                                                                SHA512

                                                                                                0659e31e14cec42be976a671ed41e7bfd5c80c0ffdb6e80c168211de7ca6b6f5deea310bad0a2995d76d51e4a3c6c5843279b681a749520c4a47aaba1725de8b

                                                                                                Download Submit
                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                Filesize

                                                                                                1KB

                                                                                                MD5

                                                                                                292bfb370767f9d0c8025787d26d5774

                                                                                                SHA1

                                                                                                205472bf47af56dc0d46d9d4a8a2d3657bb32d6e

                                                                                                SHA256

                                                                                                c74d626fca96a91fa325291f412b14706a18fb26096e21a9d6fd489b923e684b

                                                                                                SHA512

                                                                                                27a371681086e5971e8f9e5a6ad75d4ab50a7f34ea600dd40feae28b4b99ffb27a9ba4361e812426c09eb7355849d4c7989e34fa6d8a65ae36548dca350aa0e7

                                                                                                Download Submit
                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                Filesize

                                                                                                1KB

                                                                                                MD5

                                                                                                5922855dc4b2210f132dc3c8b360cbcf

                                                                                                SHA1

                                                                                                7310c659d7c3f9aba16cecfb768807a683c86367

                                                                                                SHA256

                                                                                                e344917d02d4fe6c3c145a22f932e3ca0251ea0a5a3e7f278bea96fc3b1781b5

                                                                                                SHA512

                                                                                                005717718c6fc5b7c01c3c9300fa0f824e96928401402924d1d673ba07f11d967132f31291d6fbf37f2311bceea50ea610e6a3f92f54707c4dca702d5b12672e

                                                                                                Download Submit
                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                Filesize

                                                                                                14KB

                                                                                                MD5

                                                                                                c8b6787daa93f618b75498a2f78c3e04

                                                                                                SHA1

                                                                                                2b2f4346c0552d830589e5664226023d8768e0a8

                                                                                                SHA256

                                                                                                e64283151dd24e6dba29d0feeec564eb975c0a41554cd7e54b99477930f014d0

                                                                                                SHA512

                                                                                                5f600eb916c4ab4ede4402226fb4b49c6a2864b94ce89692b722af12c3dc7d377dbd6feda7c4a32fb19cbc60eaab8b3dbc5b038cbc3c52bbd4035a65ad72aa09

                                                                                                Download Submit
                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                Filesize

                                                                                                14KB

                                                                                                MD5

                                                                                                a068b7373225cfba425ab822b7de49fa

                                                                                                SHA1

                                                                                                686ac392cf12611d9ef99da3f53d7e26a79d41d1

                                                                                                SHA256

                                                                                                80d36197e2a0fd1957e37762d7d358d8fd150c7c98e479cad849eb080b9038a7

                                                                                                SHA512

                                                                                                c753523da66a8cd7c2b750e55314e85f1a29b5e5d670412236fdf205f5ba311cbb4aeb373805e9f41550a6865840fbe4585ac66d7accdf0a394bde448b3954eb

                                                                                                Download Submit
                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                Filesize

                                                                                                19KB

                                                                                                MD5

                                                                                                088d20dcce9b894b9ee1b81f81ad5ead

                                                                                                SHA1

                                                                                                ad506e9e85180e9811b8320a4990e7cacdca9d34

                                                                                                SHA256

                                                                                                c51b4954fac9b8303506bfcfa60f483c391f1db6bed80200db989b384e9d8766

                                                                                                SHA512

                                                                                                ee0c7b59552f3c1eb85086c97fe8177a9446acfd561b04d99d760b489017287d697b6efde20702ae5e6f21201fc21d4946d23a7f976470b129b0aa38599c37c7

                                                                                                Download Submit
                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                Filesize

                                                                                                5KB

                                                                                                MD5

                                                                                                eca1790b1b4b57099fc139ebf0574018

                                                                                                SHA1

                                                                                                e637060da1d89d99cb384bdf24f363c744d5a585

                                                                                                SHA256

                                                                                                269257e2b4179ca8c79b99be2db320152829470c6431f930138ac8484b18928f

                                                                                                SHA512

                                                                                                772c0800d6100237b59a67f134501a80cce10ada49c44721c8e72229aaa30e3d14a210690645a4e6640cc6eb25657b2826783ee83505e4bfd662f9a2b7fd5232

                                                                                                Download Submit
                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                Filesize

                                                                                                5KB

                                                                                                MD5

                                                                                                03bb3d8978d16b0a7bfcca506029f6d9

                                                                                                SHA1

                                                                                                de69abd16e2bd0b7126f7fc9622273e48bd5caa1

                                                                                                SHA256

                                                                                                597657744a9bb9e0c642c3cbc881a6a0960cd96894df76fccdb410fa2959fefb

                                                                                                SHA512

                                                                                                64d49f522d39368a0fc15372d1b398eff585d09a298232162ebbd2a13b7a6395beed110726d4daefb78799e83ae61e5f3d95335823b1ce92dec24b7e7f5649cf

                                                                                                Download Submit
                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5792ca.TMP
                                                                                                Filesize

                                                                                                1KB

                                                                                                MD5

                                                                                                8fd60b1b0a1eb59d847d79d70a5fb604

                                                                                                SHA1

                                                                                                d6b9b73d808b5bf074b6505078a1f255a3e8e7a1

                                                                                                SHA256

                                                                                                af47bb40cd666a82f0142f270b056196027d79bad7bb15e7188cf9e8038a2e3b

                                                                                                SHA512

                                                                                                01a919ee40fcc31db323edf1ae63ed4d986c37ab39c3444b517e7b17c370b7e79930ff89978eada24618eb8538c0837ad9ec4aead0095e4b54d742c865bbb795

                                                                                                Download Submit
                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c4a1f414-645d-4e29-984b-d68c72484999.tmp
                                                                                                Filesize

                                                                                                5KB

                                                                                                MD5

                                                                                                5edce32733a621399175a3b643d269bd

                                                                                                SHA1

                                                                                                b0d52d9d66d01c0811e402e0d3038d4760276467

                                                                                                SHA256

                                                                                                af1b1beeca7a397f72bb14665f7dd17c8622cc34d8804880b7bda0801a554d1b

                                                                                                SHA512

                                                                                                ca404918dd9726c92107d12aa38426ec34cf4f6cd5509fab021b0b95584cc8587652cbb82a95efb3ca549dcd1f4a425950e0fb252854443c7df2b48e279823c2

                                                                                                Download Submit
                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                Filesize

                                                                                                16B

                                                                                                MD5

                                                                                                6752a1d65b201c13b62ea44016eb221f

                                                                                                SHA1

                                                                                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                SHA256

                                                                                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                SHA512

                                                                                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                Download Submit
                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                Filesize

                                                                                                11KB

                                                                                                MD5

                                                                                                179f143f54c0b144a54cfa9fc9125218

                                                                                                SHA1

                                                                                                e372d6d6267617af3c6c2189b37057051cc9c7b5

                                                                                                SHA256

                                                                                                bfc5d33156f8ab7f3ec9de6485f7397a0a2ce3293390607bdf01bcb6e9d0836b

                                                                                                SHA512

                                                                                                0a7fc47ff075736d2f8cf864d7dc398ebc2e8dbd6711c8d5897667467c732731b136106d86b82c227aebaa34a6fc9dffb1166450791ea827a30e4fb16ca9285e

                                                                                                Download Submit
                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                Filesize

                                                                                                11KB

                                                                                                MD5

                                                                                                1018711ca49a7bb7e9641ed4fd637a5d

                                                                                                SHA1

                                                                                                3825292b921acd8c1e9adb4197e958bfaa6fb6e7

                                                                                                SHA256

                                                                                                5eaaf15b2f535e8174d0a7a892211781de75998d4da83ca408233653c5d0a377

                                                                                                SHA512

                                                                                                832d472a1690f138823da3f3463d18bff0c360b0dac34181605bc5ff6327186847e87bdfa474cafbb20f77d2ad10f2731cb35d67c5c814da15f9625e2c050f34

                                                                                                Download Submit
                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                Filesize

                                                                                                12KB

                                                                                                MD5

                                                                                                06c1ee2689939484f48f57cd342fb316

                                                                                                SHA1

                                                                                                c44a0a5c32567400cc53358461232c296c7bb552

                                                                                                SHA256

                                                                                                f8813d4d0d55101b98eed9beefc7b44dd901e51e6efbb36bf35235ceb10b6fbb

                                                                                                SHA512

                                                                                                9b3bab684bddbaa57e26af535dc317493de339bfc6ca5f79da85eca83e55921f334d64e5073db282fa832c4021596e73684bd2e7bf594d12916203576b2a9803

                                                                                                Download Submit
                                                                                              • C:\Users\Admin\AppData\Local\Temp\tmp6D5B.tmp
                                                                                                Filesize

                                                                                                1KB

                                                                                                MD5

                                                                                                6b0ffb43517be5e8987bc7ed1c0ee1f5

                                                                                                SHA1

                                                                                                f8923ea13619d5bf7c90126b8fe5278c0bac381b

                                                                                                SHA256

                                                                                                7df2b01910ba8742ec89d348b3e08f7a530392cec50d9d6219af219b8a7a18b9

                                                                                                SHA512

                                                                                                c79f55ba5705557542b01b491979c9cdb5a0ec1320008e3abfed1d60c8d73db0a63b0304379e7dd5120cc2f6547f3365f0d07a1407cc2bb0d8a15b05bf471ab9

                                                                                                Download Submit
                                                                                              • C:\Users\Admin\AppData\Local\Temp\tmp9D88.tmp
                                                                                                Filesize

                                                                                                1KB

                                                                                                MD5

                                                                                                a0397d62ca78dab38f367f379dfdcbe0

                                                                                                SHA1

                                                                                                a46bb7d79e431417dc1e99aa848936466d312265

                                                                                                SHA256

                                                                                                0f51d63f93a16fed389f22873e347022a1e92c7728d5c4a56cf862aeb6675850

                                                                                                SHA512

                                                                                                27db3fe96fe1c1d56ed68706a6d0a1c42cb596fb6a91f367667498d7c5806cac407e8ff97e55aa7840b2da6148ff8cd4aa1bedf7b05aee62bce3084d342d97a1

                                                                                                Download Submit
                                                                                              • C:\Users\Admin\Downloads\Unconfirmed 969932.crdownload
                                                                                                Filesize

                                                                                                45KB

                                                                                                MD5

                                                                                                4b1b3dd6c65a39f87623e1d651cc540c

                                                                                                SHA1

                                                                                                1e45060aace6ebdcdba0bad9a53bf905d8b3e0cf

                                                                                                SHA256

                                                                                                0180f38733e9256c2af2ef322843a3cdf5adc4f02c51633451c4ff9c5b7e2b1c

                                                                                                SHA512

                                                                                                d164ae0102e8d3ac172112fceffc80dfbdd0985d82244747337ac951ac75afa5128825205eeff742b8375e6572f3c409121bc96fbca7a0102a34b420a113fad5

                                                                                                Download Submit
                                                                                              • \??\pipe\LOCAL\crashpad_1844_AUKGSCWMVPLOOYNN
                                                                                                MD5

                                                                                                d41d8cd98f00b204e9800998ecf8427e

                                                                                                SHA1

                                                                                                da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                SHA256

                                                                                                e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                SHA512

                                                                                                cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                Download Submit
                                                                                              • memory/7088-285-0x0000000000AF0000-0x0000000000B02000-memory.dmp
                                                                                                Filesize

                                                                                                72KB

                                                                                                Download