hxxps://drive[.]google[.]com/uc?id=12WBT8qXg0FZyiIfnQfimIrN-sUpoTREP&export=download

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-08-2024 22:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/uc?id=12WBT8qXg0FZyiIfnQfimIrN-sUpoTREP&export=download

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
5	drive.google.com
7	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2718105630-359604950-2820636825-1000\{714A678E-A705-44A0-A488-8A4B715C69E1}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
1300	msedge.exe
1300	msedge.exe
2520	identity_helper.exe
2520	identity_helper.exe
2328	msedge.exe
2328	msedge.exe
2748	msedge.exe
2748	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1300 wrote to memory of 3580	1300	msedge.exe	84
PID 1300 wrote to memory of 3580	1300	msedge.exe	84
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4840	1300	msedge.exe	85
PID 1300 wrote to memory of 4540	1300	msedge.exe	86
PID 1300 wrote to memory of 4540	1300	msedge.exe	86
PID 1300 wrote to memory of 2472	1300	msedge.exe	87
PID 1300 wrote to memory of 2472	1300	msedge.exe	87
PID 1300 wrote to memory of 2472	1300	msedge.exe	87
PID 1300 wrote to memory of 2472	1300	msedge.exe	87
PID 1300 wrote to memory of 2472	1300	msedge.exe	87
PID 1300 wrote to memory of 2472	1300	msedge.exe	87
PID 1300 wrote to memory of 2472	1300	msedge.exe	87
PID 1300 wrote to memory of 2472	1300	msedge.exe	87
PID 1300 wrote to memory of 2472	1300	msedge.exe	87
PID 1300 wrote to memory of 2472	1300	msedge.exe	87
PID 1300 wrote to memory of 2472	1300	msedge.exe	87
PID 1300 wrote to memory of 2472	1300	msedge.exe	87
PID 1300 wrote to memory of 2472	1300	msedge.exe	87
PID 1300 wrote to memory of 2472	1300	msedge.exe	87
PID 1300 wrote to memory of 2472	1300	msedge.exe	87
PID 1300 wrote to memory of 2472	1300	msedge.exe	87
PID 1300 wrote to memory of 2472	1300	msedge.exe	87
PID 1300 wrote to memory of 2472	1300	msedge.exe	87
PID 1300 wrote to memory of 2472	1300	msedge.exe	87
PID 1300 wrote to memory of 2472	1300	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/uc?id=12WBT8qXg0FZyiIfnQfimIrN-sUpoTREP&export=download
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bcd146f8,0x7ff8bcd14708,0x7ff8bcd14718
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3080 /prefetch:8
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3376 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2472 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3644 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2036,3181083051749254785,8474970824272808991,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:3400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
24a806fccb1d271a0e884e1897f2c1bc

SHA1
11bde7bb9cc39a5ef1bcddfc526f3083c9f2298a

SHA256
e83f90413d723b682d15972abeaaa71b9cead9b0c25bf8aac88485d4be46fb85

SHA512
33255665affcba0a0ada9cf3712ee237c92433a09cda894d63dd1384349e2159d0fe06fa09cca616668ef8fcbb8d0a73ef381d30702c20aad95fc5e9396101ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
ed3c7f5755bf251bd20441f4dc65f5bf

SHA1
3919a57831d103837e0cc158182ac10b903942c5

SHA256
55cbb893756192704a23a400bf8f874e29c0feee435f8831af9cbe975d0ef85d

SHA512
c79460ded439678b6ebf2def675cbc5f15068b9ea4b19263439c3cca4fa1083dc278149cde85f551cd2ffc2c77fd1dc193200c683fc1c3cdac254e533df84f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
027a77a637cb439865b2008d68867e99

SHA1
ba448ff5be0d69dbe0889237693371f4f0a2425e

SHA256
6f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd

SHA512
66f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
37KB

MD5
14c460a1feda08e672355847ea03d569

SHA1
f1e46ac6abd71ebbcdd798455483c560a1980091

SHA256
d1161f067875a5f686c1732a442f340142c6a03244f4dd0bc0f967596f6cbe3f

SHA512
cfd6e743986ae5074e73264ee1f311fc00a987bdabeeafbf55f5dd6ef0794ccc393507be9dc7e38181f2f10897c300edc297976acd3fb72da2bf560ec260af91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
21KB

MD5
a6d2a865e9f16ea305950181afef4fcf

SHA1
082145d33593f3a47d29c552276c88cf51beae8e

SHA256
2e5d94863281987de0afa1cfd58c86fde38fd3677c695268585161bc2d0448a2

SHA512
6aa871d6b2b0d1af0bda0297d164e2d685bc53f09983e5a4e1205f4eb972a2017323c99c3cc627c3fb01381b66816e570f61d013d3775cddad285ac1b604cdc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
37KB

MD5
ecf848914187ace4c8a757028d19b51c

SHA1
7fc0a198f47f74c8a7c7814ebc35032ce10fd441

SHA256
ec13ee490d2a453e28fc99dcb950131112078f684a1c68089a17aa508c792ca1

SHA512
81bb10663afae3cf7b8d63e4ecf37e68a29d4c43159b5a12fd31b433cd27aa8c96319f8d5ac05a37d57339fdbf24ca2974678a0745ab8b93fa2323ce9f7f31bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
24KB

MD5
3f78316b5485dea877ff986c00eb6b0d

SHA1
0ce8623b7e34098655883d3674b4265bd73bbb64

SHA256
0ef4b35cafab7842d4aa4eab3e9fb270d8d89011125c08d49c5260c3cc246929

SHA512
1056a68735f58a8b6795f28407fd03e645d2fa09bf6fc73d47f6db09e4ea57704a70094a6b70daeaee4b2c747e648958a1b569bdb489636c7cdd2ce01b2eac12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
17KB

MD5
7d10a6106e8f9e85ae68e310ca2b8433

SHA1
32046f676521ae8b100c0ef88e5e19e1cc49cfe9

SHA256
0c00f8f0acc2ac3079edbb2fcef864743e5ad79da49241f6f28cca83984f7204

SHA512
78bac570118c28fad9bbe3ab261668743ceb81a0229c9bb2267db4228bd9eab1bac1bb07185347cd3fb80a6af62e15e587278a577f215020368399be897864b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
19KB

MD5
6cde00d4c70f65945125b46ffb494046

SHA1
d86ea8b9520beaa539c88febbaa73c14783106b0

SHA256
ff91dfca2f1749052b460ebc05256cc222dc8ef7408aa515661bffcf65b20f88

SHA512
9a423e5f783c1f08085577fccd454b9be7952636710c95b98b99795b4fd790c3bf1d8bb22fc39288521890d0038ba5e157f57bb7d9ea0e745544c2db5ef6b2ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
57KB

MD5
1d9313f850dc7f90dbc817920e650fbe

SHA1
cf05a1ca3e477a5295c6b82cddb21364ef9a8c93

SHA256
bc1c1dc9729b72ca481ca91597830682b83fc30c2637f9c73c762e748583dea7

SHA512
d0033fea8fe30ecba6d09580b20cbeaa0f927c7014ab2b788f6e75580ce58e07eec3e53a74228d22f7f95ab6ced8cfcf63633aa1fb1e969569d8a9708e7474c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
53KB

MD5
cfff8fc00d16fc868cf319409948c243

SHA1
b7e2e2a6656c77a19d9819a7d782a981d9e16d44

SHA256
51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a

SHA512
9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
23KB

MD5
f30b3adbd12ee3ba8ab0cd893cce815a

SHA1
5459a76cccb9e142d63bc55374e8ad91fc745691

SHA256
bdc003b7a18d5eaac6d285fb402fed92e1adcf485ffe61ccb86d74b9daced864

SHA512
600f6a21667dd707d8e8c5edfcd4c267966a553c506693c3ccbde414ba48ceb84e50abcedc907a951354d14f719aee997271e15ea298cfb351ee0987137de09c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
137KB

MD5
e947e95a0fd8df1e8c8eb7cae1f96f09

SHA1
22f36705b4a47f05fae77201e936a5c65cb05bfa

SHA256
14fd0b00467eea3d8b863e4aceb343135fa64e8a3b4098d58765199a9d2062a1

SHA512
24b9a4b0b5ffd6ae11ea6cc76d88da96cd0579254dcd463e1bc5ddd99d9850773ae861594ad053d4d07882d4970267aa3789940a4eba63c0543588cd9b293dd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
22KB

MD5
9ec8ba204f6c45d71c998a0ce1dd714e

SHA1
e6790bc2fc03148c9d9cc1b3a91f4c5df3d8295c

SHA256
a4daad6848500cbb261729ecded45a13e2f102d666cff8a0e2bf5991ea5e5c9a

SHA512
d30fe0c1f7589354e7b228a5ca4e522e198c6e7ed30186c54025e991c7dc9a324e1cfd243ed2009aed863c01c3b341ec88bd74aca019e13ad52f8dc2ff3c6ba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
73KB

MD5
f4b32be8d1dcff07d4965a097b0d572a

SHA1
2571e233398a7fc3f19eb46a51c92a9d1fad1fd6

SHA256
dc61a06817c12afdc8167a6bc493f8f4e03327960d62358d4a9ef06525c4fac9

SHA512
3d09adc5ec56578bf25ceea99181230c43d13b3b78a4de35f6a79efd324c9ee45dfb75af25526481f94084347fc4712c93b096ef393c3257d73d18b3bf377144

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
54a2ed9608f955c7facb2f1c5300b922

SHA1
82bff0277eca670a7b131b922854b71feefddd5c

SHA256
8463e446b41ef8ecb4f60111622fa8a13b18a0465c9a7080fc0e1a3ec5e624bb

SHA512
a1e8aef2e7ae9115bede171ee9b0195169a3a53c417038ca8ed68d20f7c5ae81a5f4f53d34405faf3870aa0f96b845561407a673d77e9e97fd1595d48282885f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
8666a25a0e1059ad2657e93375871a4a

SHA1
db3ba3f96342b145b97faf1c3e787c96ed8bec05

SHA256
2bdd6695d4ad5be9ca3a8d42889b3faf4f3c80bfddfbc8747491abe121e91eef

SHA512
abb2b9acba559d1925ca45efdba93bc964bf618227604dc1577356d64cfc8c7b600be87db8e43c8c65b23993615b3e32b293d5fa5ae1e660e622c385820f8779

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_opensea.io_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_opensea.io_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c29786b79b1abdf20cb06a0d71166698

SHA1
f73b6ff033be4d587d2b2ab785c3fd5894581734

SHA256
74c0531745e36ce928cf42f0d1da346543172eb5a2923336a3fbeaaf04cb4ad2

SHA512
7f79d8714fbd02a91f73a126c2abd3c2412c9eb4df42810468f79607f359155ccb72956c0a6a4b17bff94bfad0399da0e79a6a57128873bfd4c74f5049728da7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1ae804637adf81457fede0c52b2e824c

SHA1
77a50c77d3dd600bb21f8ff42561b5005f702db2

SHA256
d90f4a0c6e5bcb2901aec87d7d1257b8a74e3d8d7b5df103f34e84912d915100

SHA512
c712018758a9445799a6c3db37f6317e9e1044179ab5e0b20925e37c772a3ebec9e70794d89446dea333ff527f2eefcf6d39eb2159bf96e0e6861fb00299e5a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2f04640b1f18882a732bde389b502eee

SHA1
4b8fad85668a5b2f9b189f98f712c2b06b36bb1f

SHA256
0f599e9a87e2b0251630db4ab9b37ab8d1476acd654f6860846b04cf24830d70

SHA512
929f71f96c666264e8a5145b1bef748a38177a54eb9f43397d56b3056e5cb931c23b2ab27fdb211700b549dce175c0eff78db55552f81c896c3e8e2172136a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
03426ed187bdb8cd0f03e1bc2a9871bb

SHA1
2437f640bf4d0864b7f8d5f1c9289fb39b04bf1c

SHA256
233b58ce1462101b2484ec357febacaed6597f55cd6a72cdf965efc8c570dd08

SHA512
1bded9aa61a4e1278584b03303da63d654b3208078ad6a2202bcf4c1580b218d3a451796e567691618c735d156089c00fe1f7bf6c59752f40bda804e2a8df501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
21f24829893ec90ed6013c53608cb6f9

SHA1
07cd4b980d525dc76d2cc5b0e8d3139020893e88

SHA256
13da235a5e9c7059e25609f971af7588e43dc0a31ce0105b287dc50707416f1d

SHA512
52945edfc02297fbf0ea38a548c081487c7aa20924671b1c9290b5115857a61eb70e3e93cff61407a19fba183a9db3f29924b2404d7df092c9314ec040abbb33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d58b2432b7eb7715ee60b4df05e151c6

SHA1
d28507cc6932d3bf8da1607c323f0a0e83506f6f

SHA256
a9a6fa6921352fc59a82e043a30e0dfc5ff1f30652e654eb51896f3608071689

SHA512
73fc01bf067fbf1caf4d722975bab556caa26b374ed29afd05c01f405debc00145975118d0fd4b4ed8bb3b89dab28d854df43567516e3966fb1fdd1e06c1ec4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7a0d8891f61bc4656c559fed7962b776

SHA1
30710b8fdce88b83698d6b950d92f6b6b6d9a7dc

SHA256
bee8ad2db3ff8dcfbeca2e7742c4fd4cf3f6550d665d0c8cb860d2416cd3fe78

SHA512
178cee9b441340163cd4affbbac2c5f6431dc7d53825c7ff86df8611f5f6cc1ae8a8da6eff0ed8c645080a39c97de749c9dcdd8d419fbc1b311f4c3425f7a3bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
74df75f3f6c6c91b5e111941940d516a

SHA1
8ea7e72706d6e3d2e7d96658111160fe1678934b

SHA256
000f5ef7902688ef2ba079b4eb5cb0362ea53f1ed7872a687c1650f8bed7d41c

SHA512
3a9028d4229c31028839162edd7f2886e6356491892f29167b9cafbe3158e00bbff2cab3e6bf612b69b7b8b588d5c858a4f80d1a3776f9284b19c3781f612dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
99B

MD5
65112e0ffc779194980ca13ad59ceb2a

SHA1
c57aa35b7c07a1278134fde64383b8f3a2630cc4

SHA256
6078c0ba00fde317a9be08a28d7d679d148257fa6ef5c73feea89a59fc8f5db3

SHA512
46397235a7c9728db0bf6cdab244d72f1874d82be896107d123464af0fea349a466f49096de25fac9b705c8cef4cc5bffcd97ace2e48e8086effc18d35096327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
35B

MD5
343859b4ad03856a60d076c8cd8f22c3

SHA1
7954a27de3329b4c5eefd4bdcb8450823881aad6

SHA256
8c79b653c087618aa7395d5e75198da7d3b04c08654c39e56b1027f9ef269c2f

SHA512
58014a4e7f2b4b0d446fae3570196b8fb95d0d1b70bdab0dd34a74d6c62cd8d7ca494a486f19c1a829988a3af83a08d401f18d1769ce1799a02ee09807234254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9250d0c1bcfd2337a41f9d6a3c0abb9e

SHA1
c6a38f856fe759f3c80fd0501e03bee0161995d1

SHA256
061a3260001acd1009afd8a7d3f82bacce6112b2576fb909fb92986a238d0cc5

SHA512
c94eeebd6ef7c56ac725ea49afa63d72acb157eb3877202989586536dce0e2a77f0e9bb0993f4680488bb0dbaa8b540ee52c04bd53dc23231d98480d7aa95d2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0979a2bd29f022dad4a95488d0793757

SHA1
795be30800d90ff6adf41d26e8c7d34b7f774839

SHA256
1214c593ca8967982bdd7a437571e742c199926d71a7d94fbf74eca3fdd7ab6a

SHA512
8f905523086291231b4b500e4e6004b34f9a23d82842c8009da7b20db5325c56aa8ac7e59de9ef41629bcff7af653664fe11d46b3b9b4245067a51a7d34e60f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
422f8b4ec99c1cf2e29e31d689261cbe

SHA1
c83a20c301ef738f56c5abc80b22300a4a67d3b6

SHA256
9e4f60922d7bfe3b2af9193d0ca949fd11466a92d5b6a343cff7844062035e8c

SHA512
595d96a7257511da9d8f1205381cc07bdb378eb1eaa7ef323097c2daf4e5c05174b76d0d2e803eb7cb18a0d472733c0b16ec0f8b72d6438e7b4b558dae594984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
40dc78c55dc405d67e46907775b5ac6b

SHA1
d63085f77e9d44b2a9554fead81f42f513176b52

SHA256
a18fc07b056a0ec5303dd089874cef014da17647a1fd311f825ddb6fd7dcd78c

SHA512
e4d63976e58f365fb9912f60ae6eb5652e8999a74a97230bf61d8379368e32e2c13540d48543961cea8c7ae1e75b31eaa47cef601c0871068ad724d1234473b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
de2183bc8865ff094bd55496d76d8ed8

SHA1
f9c22ed501a5356ce628f853fb57f052c1cb3a92

SHA256
0afd170f2feb9a7f0c05d69200db971f9ccca6a9429adb9a3aed82a31d844679

SHA512
3052bbae98bff75997fe81e80e2051c69f959a310d86698dc4537155c06abdc025203003d4b0d936e4047f7551619c7ba3033b7a16bd1efab4c97b8cac3e4c05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c5ba19276eeb8594ea63e24bea6ca474

SHA1
9677724ce1ba6e3242029b562a032fbe415ac7b1

SHA256
86e8f41e6c94eac5dcc5ecd325630ed0e681735d65e9fe3fcc735c4380437374

SHA512
07a0e4233e6fdb37140498aefc0ee3e3684386561ff4ecd89dfed453d75c208e45046ce95915c4824ee7ac73a423b00615d11a0b265f8d3698057abed213fc93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f354247749398ebbbcaad0b8d51fb7d6

SHA1
dd68b6578bf9d7e163e22efd97638d4640538bc9

SHA256
0761a73e1180252d161ffe71c02b9995a1c5ede0f32947e0040e5acf7969784f

SHA512
aa13a4403f4070fc9d09aaa65dee24b0b481f35dfbb545a324a777fffdb572fe9fe4e12402d0a277f5acff421a3946df00941cb2058e036670597d5fbcd68fd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
fe5a76183c3c201906ce59821b217a73

SHA1
fbc3e8fb163e88cb0f3392f2bad0f4cc5d480760

SHA256
501d6e1875c9975ace15ab22159e47f52ba300f40dacd6e6f4ba0e559de6d96b

SHA512
381eb498dc52bcec1d021b439098d36ed2c9ec5ee8bc23dd5f7c00dec61a544c7d63b93a1df618a2ee5e71ef1c9a92c698b2533e908c8bc2907b3eaed70854f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bc5022cfe9aa355371374102835098ec

SHA1
6f292d1d2c8faaaf88cde897bbb5295894ad2150

SHA256
1bf4e11b21a10cf1f0dc78e5acf3836f4f21d52d3eb4158ce4167080fc8ed625

SHA512
49da02b97b8d904a59223dba194d035ef7615df466ef93f30a055feb6b5ae9c99c1b5674ac19c171ac56b4fba3d87d98c7051bf9fac491a6ce9953665ea68b8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
53d0690590e42fbff083c3522b7ea76d

SHA1
0be3282654d2234f103e0e72f2fe08ad4906b288

SHA256
0ecb6917b2153140896a9c4d02efbc22f4b06d76e421fd1c0d7e1c179175c103

SHA512
d9ef0a33ddb7a478f3d3163e3ccc938606e980d1b87e0faf8e8569faa6d1b9c8042933e537a35622c7020fc68256ecdee7fe68bd677d5336e189b0e6da46ce79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1349fa7aa2fde1885405ade2afde3417

SHA1
e6c8ffc9904f564cdd539c1ac005eac87252c7a2

SHA256
55e77c55bb169a9d48f17a0a19b479fc61db13e548c68cd001645ada636e2ea8

SHA512
bc072d90044110bca38816398d8bd2b5442d36032999da178e810e0e52ccd9e64fff29eb51b8febbccc3a91ef0a5935a8ba8cbbeb314482da6084e1f9b683da9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cc97.TMP

Filesize
538B

MD5
6cbaa8fa75d1f1c2450f7e5de17ac9d4

SHA1
729b250da37caea5baef2cd25352bd61804ce871

SHA256
0c897cf890b25d024cdf272de8e82a844fd17b1b080e509f8bae856d58cdc586

SHA512
6c8a7e3af2e8b8f21e2b2cc8dc0a770d78da79f2a60cd8a7138cdf4cb4e40fb9d688b5c856a2e275149aa2d9e04265a001105210dc2e4ea6be2c4930182babe3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
802296e3e30bd1a03505bdb35e5a3716

SHA1
05bfd0bf0303ddff6b9e56d7cc225596e2dbd6d7

SHA256
d296f63ff36f7688a037debe3c0cf8627ca90960cc5746300207734848013af6

SHA512
c3d143299eefdf32d566871dd60718a03dbb22488cd6c695a20106ffa89b1b2217b4dbc18e120629df0814d214d7d13c2f942157cccbf69f89c1073454ad8bf2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 422685.crdownload

Filesize
234KB

MD5
fedb45ddbd72fc70a81c789763038d81

SHA1
f1ed20c626d0a7ca2808ed768e7d7b319bc4c84a

SHA256
eacd5ed86a8ddd368a1089c7b97b791258e3eeb89c76c6da829b58d469f654b2

SHA512
813c0367f3aeceea9be02ffad4bfa8092ea44b428e68db8f3f33e45e4e5e53599d985fa79a708679b6957cbd04d9b9d67b288137fa71ac5a59e917b8792c8298

Download Submit