hxxps://drive[.]google[.]com/drive/folders/1xSV04WtBMJWphJosdg6Cip2wcwcP9WSq

Resubmissions

24-08-2024 16:29

240824-ty711ayfkh 6

24-08-2024 16:25

240824-tw2ffazhnp 6

Analysis

max time kernel
299s
max time network
300s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24-08-2024 16:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1xSV04WtBMJWphJosdg6Cip2wcwcP9WSq

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
9	drive.google.com
5	drive.google.com

Probable phishing domain 1 TTPs 2 IoCs

Phishing

T1566

description	flow	ioc	stream
HTTP URL	208	https://openai.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8b84bb15581d6649	3
HTTP URL	246	https://chatgpt.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8b84bb951bae9fa2	3

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{965FA25D-2DCB-4A34-B71C-4EB29C8FBF94}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 816533.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
2640	msedge.exe
2640	msedge.exe
2856	msedge.exe
2856	msedge.exe
2216	identity_helper.exe
2216	identity_helper.exe
1968	msedge.exe
1968	msedge.exe
5948	powershell.exe
5948	powershell.exe
5948	powershell.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
5300	msedge.exe
5300	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5948	powershell.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 4296	2856	msedge.exe	85
PID 2856 wrote to memory of 4296	2856	msedge.exe	85
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2636	2856	msedge.exe	86
PID 2856 wrote to memory of 2640	2856	msedge.exe	87
PID 2856 wrote to memory of 2640	2856	msedge.exe	87
PID 2856 wrote to memory of 2996	2856	msedge.exe	88
PID 2856 wrote to memory of 2996	2856	msedge.exe	88
PID 2856 wrote to memory of 2996	2856	msedge.exe	88
PID 2856 wrote to memory of 2996	2856	msedge.exe	88
PID 2856 wrote to memory of 2996	2856	msedge.exe	88
PID 2856 wrote to memory of 2996	2856	msedge.exe	88
PID 2856 wrote to memory of 2996	2856	msedge.exe	88
PID 2856 wrote to memory of 2996	2856	msedge.exe	88
PID 2856 wrote to memory of 2996	2856	msedge.exe	88
PID 2856 wrote to memory of 2996	2856	msedge.exe	88
PID 2856 wrote to memory of 2996	2856	msedge.exe	88
PID 2856 wrote to memory of 2996	2856	msedge.exe	88
PID 2856 wrote to memory of 2996	2856	msedge.exe	88
PID 2856 wrote to memory of 2996	2856	msedge.exe	88
PID 2856 wrote to memory of 2996	2856	msedge.exe	88
PID 2856 wrote to memory of 2996	2856	msedge.exe	88
PID 2856 wrote to memory of 2996	2856	msedge.exe	88
PID 2856 wrote to memory of 2996	2856	msedge.exe	88
PID 2856 wrote to memory of 2996	2856	msedge.exe	88
PID 2856 wrote to memory of 2996	2856	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1xSV04WtBMJWphJosdg6Cip2wcwcP9WSq
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6c7d46f8,0x7ffc6c7d4708,0x7ffc6c7d4718
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3468 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6260 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1968
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe" "C:\Users\Admin\Downloads\GPU-P-Partition.ps1"
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2620 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6504 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6320 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1804 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12023270915344299366,8065147836762677817,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1760 /prefetch:1
  2⤵
  PID:4024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3088

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
36KB

MD5
eae5fc6db735938044a4741054dca29e

SHA1
5ad3a1d30f1123fda791830cd373b9d9041a5663

SHA256
967e35cf9787773151cb0a3945617f4a25b0232c8af0b8b8db30797426c40d3f

SHA512
a996760ff518a4781eb2d5b6074fad7645b1c06fb98d1dac86c919b67d0e04289790a7e45c57c22b8ac28421b46ed299ecb38d6d979711bc95bf804f47c8556a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
41KB

MD5
60f8cd04587a51e31b51d1570d6f889a

SHA1
88574c41d0ab81721b275252464da5c7927a4835

SHA256
27cb4390e32a97375dd4987ae000406933bceba5199f17893711e782333b81cb

SHA512
84c12448ac55dd819749fef9be9919111a3df4bc51e66d2fa9f7376c11c101ed1349cb36aa119aa873cdd6c0c91027e201fbe23c2c83b89bc900a4d9077bcc52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4e236cedfff52410bd29785e9d5834d6

SHA1
285a73ddd6d71cb2dca98060a4b969ab02358b09

SHA256
a27622be79fa73b0e97576c33f94db957aa864548630f321a6f57fea6bc0a883

SHA512
e988f33f1852614d2db71d0281751ea94534843ad1f1aea3e1c550b485dd0796424c562ae7f5e350ebf1c65a28f2dd61dd6ca818e365367ecacc6913dd2f817c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
270b1dc7bf07d4bcd040b6c2410e96b6

SHA1
7b27514345846c47a95dfd063a9dc13c7684e08c

SHA256
c90171efe6272f2076e9143d5dc2e2f4ac7cf84f60f51ba0f69ae229a473621a

SHA512
6ac9e0f1a42a7d93e2f84263e2634c3ae00ea1dbe30f216585edb0b3f0bbf3672f8d8e60373d7d6669f45f0f87cc435563d5be48e95f5117b315ab449bb8343c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6a8b8250a851bf05b38d3fdf06d05fb3

SHA1
be4e5dc4b7f37358540568130dab63581b6b4059

SHA256
a2b17d6505c71d362b9d671a7e63d8532f953b54dfeef30dee5eaa3a6c7f05f8

SHA512
77287a3b87d7e93f863270a26d9c9283c7d97fbff8810a8ac3d2213a392e4e4e5aa034e0d77ea59d8f7f42b630a8bfb488b5ee65edb1ee161d65ceb1e148ecdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1212a81360668f1cd488fd8e9520c90d

SHA1
245c4dfb3f5e199cce5f9ae8c0092cb2701c0957

SHA256
b4417c99feeef31463f89d3ed868fcd5a81e954bca1c260fabf2cb2f53b987c8

SHA512
8df675fdb07870f6e1aee4d4caa59567b42a29537788be89172e69e6c52998f1abfaf8a0a7e55afb5ceaa11702f9fad6256fb71a7d23e5c6e5713d4ccfeaff79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
295c3dcaa6233852343ff61898387ca7

SHA1
843e18c9e9ef866965aba70141824e5b7d5c2ea8

SHA256
5fe38bed53d11c3ae2721a6c4902577dae177955be8800e64ff356a88948c58f

SHA512
d35f219b04da96a0ee14646a346b9f2fbd197dc1c91336d3bf1d3597d583c8fef4a38a991710fcf90c8b02b67a7b5bfb141697307ad287f23a9b46b09d302eeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
d8bb9e65c0fa6428c5fbcee8aeec4ab3

SHA1
0d827c0eddedbf71e650e4cb0995cc2e68bed45d

SHA256
fddc105202d6670fd9cb7d991c5994d094294a9581443a8f7d247f14cab760d5

SHA512
c042bee479764df78d7cbb0a1323c0d693e39405502d196660e04fd047061352e735f258db5497e189c2ddd049c5b7c83470adcc508e7e61e0077d27bded823b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3661e014d1a10d01a5cdb12320b221de

SHA1
3c50b29ace4f51899f04a923e5ba3eb635d6573b

SHA256
5d67cd0581f8e268055a03efa0081945ff0234832c8e73cc829bfdbb65ff8d89

SHA512
7d129b4a4709bed82b6d53da1b3fcc0bf497cb21e1abb7aa4c0b4f5ded77c86df3cdf887b580610051bcce738f6dea01d5df1375cf2e53ca3cea7a92a32d13ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5e2918cf0e93d6328fb0f6f4fa911590

SHA1
140c859b5b2e8eae11913d2c63f5a59ab4511397

SHA256
6dc808d25ba22065a81dda98e5421cab116482397865945b4948d8249232d496

SHA512
4b8de508c676366080f980555f6b0ae74916b6d8cf0f0de11b21f3b279e081178d37accf2875146ac1e138c837ed0bcfb6829041c166e26380da0c316d92d9e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bd218f928d412bd813a6afec280ade6a

SHA1
9c7a319b0b3fe6e224ee746198cfec24d3093e82

SHA256
d6f666196913747b3d2be8519b7762c27c0c3268c8b743a8869bb35241d65284

SHA512
633a50a6c9f3c08162d22c8ddf444b0c7f5b34263271734b818ec913c0dfe0e058c2819ac5bf67c1ed8e8b7aee6165a9da8b7f9c647dfbbf910a83ed25b32dfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cbd4f67c28d0b495776580cdd0f2b8b3

SHA1
4a509a1e1e726cc706e087ddd2d74aa6f49e36aa

SHA256
61135ce1deb527c8a4205122ce1100b4282547991eff78bc7c8044bb7bb3de51

SHA512
a3df7509f6c768cb811fae80c96c5fbe9c2c5379bd822d7d9b16f2dd32434ff5ef35d48665ee9f895b64fbf65d3a54a46ed112e50bf2ea674eb744cab27da7c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
77d056952a442c41b0a87176a4f2d40f

SHA1
42446c1e80d291ee29c8e10f278b26b42a6dd28b

SHA256
7cf54e101a0fef652eae1ca7b52b8bdd37c67abb7425f29a9e7e5088c4e65975

SHA512
59cab3c6a00f6b076619ad01b6a12841ea996cd865cf3a74430a8bbf609947781ff547755fe7f37e2a447f08b026fe477bff9d82b6e7aa6a149e885d17de539f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bcd57846e0753842d6de2419989c1396

SHA1
4881fed520c46204561d84c86a85050b1866e93e

SHA256
b38a13db829fefaeebd3f00860f1d4f30a64d063248810264c5723d7d4c0aa82

SHA512
7c80362fb43570879422c7ece702c57367fd6971f4d5eef06e1c1778875ec02010f573ea9c456e7cb769c13929e514a4fcf57691c1f8820d854b84d288701bb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
78c99f111fc815cfb895952fd8018572

SHA1
edc1faa91b55141c1cfa4c57eda3ff29b67bbd50

SHA256
60cd8fca466089953da121c624bcf9995b1fbe3c85aa6dae59a4a41695ead1bc

SHA512
d1cfb223672785635953bf847b733ea94e5a067f50e79e44b88bf4fc4003a14bfff16fdd3dfa9203b99db4499915c4af0ee28b7313e7f45e92c749cdf6b63ce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3cd755043710d6dcc807f975c7345109

SHA1
0eaf30bfda53d6db6521f3cc9a399e65a60e0bc2

SHA256
0bc28f1ecd69bde66d3cd496337377ca5e42038fda70e698812213061ae32990

SHA512
e4a7ac9857804891b72d8e6f0c2b316dea908cb58b3946c07e072920023a0c35718cd44cd3ce2e14ad5853145449ed2df9049b82e0d0cc53b321d955ade1fab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6732ab78c257aee58c67c51158537a28

SHA1
551ab4589a2ead2386a55db1c0e2b2097a5ee040

SHA256
ff3d1b82d6f0077e8308256b6a17661ea15f5337806fdc45b042fd81d9e094f5

SHA512
125916403f24424f90c1eb45f39e1bf151d2dffdaaf97dc0cb548cd05ca816c457d10f940f66d4f85ec6314653cf315aa19d3474b992257795024d8a7d118feb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e0e4cd1c2af89f669419ebcf2895929b

SHA1
7782e5195b636213fe2c25f6f62e0410514a6144

SHA256
624cf461e77b1daed10f0b9eefaa2d9c8e5f8f9723da9637018fc6232e9c1d01

SHA512
2d8d0a2240dc58e536ed7a2d167d7742a43a3a7ab70a5fa4b5bba19dc547cfcf21e2946322df49eab74ddf3b8c103161d5b057b295502776bb1c14496c21ea45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
90a2a623c8eefacaafcad88d54ca3114

SHA1
1a54046b60361c7dd373410e4913f6d41116d4a4

SHA256
473e39cb63c32ed3acc8f2ff1ac79dde9fdc98edabf8711e20167d45b40dc14b

SHA512
af326e842d6e5500fa60833011fa9a3bcd5c7183e54ce8c9f72b28f91cfd42ef19166f4d017aeffe90bd93c934c0d7668e1060a60c0d95073ddb795d1990451b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a067e217b48a70fa023abc8a98d3d44c

SHA1
1698d64a9e1f6f5f9a3e162b8d8d162704c094ae

SHA256
9c86ea31bb9d94eeee5d0b03ac2c232b46fec3e2c77f36ff26b19302541e096e

SHA512
76d0461660fb970253849e6346423a82c9438c7e6d784336284a91a8df003fa2d664b913f5cfaf1cf04388eb3b7292b0486905930c1d9efa1163cc6fd78ccfe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b7fffffa24b22d4e6a53d1b13fdff20f

SHA1
23439df29b9129af44a498ecd99ed297adfe6804

SHA256
b18b0027f17119b6f34238856ecfd30df1b24ff20dcc6ff233ae135c8afc9850

SHA512
567a69c0edc21b6ef63bac8d28177ff5bc88f06c14f0c87d1856f8c2d49255770e2c6bdb10e0b944e2f41fc1a3979529a9cfab1fc8d61ecf824edf602ef8447a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a11ccd565996e9e279f3a4b655dc1238

SHA1
21f71352702f6ee1f4ceab8c38077aff1b3cf853

SHA256
a0d0eadbf6445ed1d890238467a65a252f082e1f8b32a0bb9211258b85c03642

SHA512
45678897c21242340b99c915c011122371d5b36c07857b5de6c351d3e8bc75170be87dc8e6a8b748f137b187837dd826f9db9d3c7ba914ba09f2d40acc9970e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
25d0a979eda5a3d0b065832df659149b

SHA1
a4a5962ee76ea24467af57fd7e53e4c7f100612a

SHA256
5ec2d8b8a9e98f53578a583ef5497965977e5059f1a0d9cb690c635d0aa9afe1

SHA512
a716e73eeb9297c3748f587124f47614993bf9a8fc098464425c57e1e9050acf48919ecfe35a11832a2c52199a45c453f51048f131477e59b8de335588a92697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1341f433b5e2e312a87baafb71a4453c

SHA1
f24acdb17ea432d997561ddf3be256589accf86f

SHA256
1e13ca0ed25bac463ca4035b3c37083435675e38f13c6385eb52617ca0cb00b7

SHA512
f98f6b4ebafbe300db2be332b72d6ffd2d7795ac2e19296200ca75b905a60b278957c027b4280f82d2b9f12a927357a637046e6a2afbd5f742ad0d269cc4d00b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ecf0.TMP

Filesize
706B

MD5
486ee263eaed0d9afc12bce4a612ff05

SHA1
317ca10411abaf260d5bc967719ce298a90bf82f

SHA256
8343fcee359db8b1dc295c4def0f6d84d744ab116e9debedf001e89645b790fc

SHA512
0fa5c436baa1096c5cc02c044a6153a7ae49ce491eefd2b7189cd4fced8f34dfbd664bc3eee1a579d9b58ed042407f2ff625905bdbf18bef268781e81cd57c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a14f75ec950f9930bf77acf2ccaf975f

SHA1
eda9899bf167e1a5afb4ddcecae59acc4483f058

SHA256
7c7a0dd4ca56757aa650560d99604e4a7ea83f75b7a14a9b5e63a96afa030ffd

SHA512
75a1d0d059b71765fcc6c2ff05d11a3fad0702e77b38e49a98935403c3dbea8b6aab01a5125c8288206aa79a1a49b9248f3f6b00df48d27f3d4b3b8710fa2011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8fe98ae101ad0684de3f2c2bcc488cfd

SHA1
55cb7760df166995a2b07f56c99cc034ed48a341

SHA256
44b2c05f0b84a9bb24dd753014c86da5aff091ab3dc016bff9e4801e14e09774

SHA512
f17445c94234210124cf31d3e83f20f165790448fda7ee51b18af138f7028e4269e1f6c1085942237042375ce9eef63309258a95969c8131dfe5abb2b236797e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9d39005bdeac8c5c3341cde4f989b14d

SHA1
c29172bda27a30c622d4481f51b9cbcad3e833e5

SHA256
6a5c120b9764d9367c7e0fecf94f8b32353b91c599eba3c8903a3bf507d0b42e

SHA512
69b939a730a512a0d26da41f7ef64f9221553050fdf7e08d04cec6a523f743f71aeb78af00b46deea050cfbf1cc27fcae8fc2e75b8211778208af8dada51c258

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4zz3mlqi.bll.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 816533.crdownload

Filesize
625B

MD5
f5e5434b2f457843b30e6c9de6bf7acd

SHA1
2648b3bc1fe3c04ca44e060f638d4def6341465b

SHA256
cf57f9bf5be2a9db0530ae88a71edd27ad338de96545c75ba258a016980b19dd

SHA512
ec848d21e13e9c616d92689adc7d34d505813e033a375c6b1114463dc8c26cf964ce759c8e525a77df679b622cab7789e3ae3a7c8c862ddec12a2407a62069d5

Download Submit
memory/5948-275-0x0000018C61930000-0x0000018C623F1000-memory.dmp

Filesize
10.8MB

Download
memory/5948-303-0x0000018C61930000-0x0000018C623F1000-memory.dmp

Filesize
10.8MB

Download
memory/5948-668-0x0000018C61930000-0x0000018C623F1000-memory.dmp

Filesize
10.8MB

Download
memory/5948-286-0x0000018C61930000-0x0000018C623F1000-memory.dmp

Filesize
10.8MB

Download
memory/5948-681-0x0000018C61930000-0x0000018C623F1000-memory.dmp

Filesize
10.8MB

Download
memory/5948-583-0x0000018C61930000-0x0000018C623F1000-memory.dmp

Filesize
10.8MB

Download
memory/5948-245-0x0000018C61930000-0x0000018C623F1000-memory.dmp

Filesize
10.8MB

Download
memory/5948-702-0x0000018C61930000-0x0000018C623F1000-memory.dmp

Filesize
10.8MB

Download
memory/5948-233-0x0000018C7ADF0000-0x0000018C7AE66000-memory.dmp

Filesize
472KB

Download
memory/5948-232-0x0000018C7AD20000-0x0000018C7AD64000-memory.dmp

Filesize
272KB

Download
memory/5948-231-0x0000018C7A7A0000-0x0000018C7A7C2000-memory.dmp

Filesize
136KB

Download
memory/5948-982-0x0000018C61930000-0x0000018C623F1000-memory.dmp

Filesize
10.8MB

Download
memory/5948-383-0x0000018C61930000-0x0000018C623F1000-memory.dmp

Filesize
10.8MB

Download