Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://file.io/pqo7...

windows10-2004-x64

10

Resubmissions

09-11-2024 02:23

241109-cvasnavgmn 10

Analysis

  • max time kernel
    95s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-11-2024 02:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://file.io/pqo7s39oI7jR

Score
10/10
xwormdiscoveryrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:7777

79.110.49.242:7777
Mutex

HhfioKRW6cHDoNLD

Attributes
  • Install_directory

    %AppData%

  • install_file

    XClient.exe

aes.plain

Signatures

  • Detect Xworm Payload 2 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Executes dropped EXE 4 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 47 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 35 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://file.io/pqo7s39oI7jR
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:636
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc80b46f8,0x7ffbc80b4708,0x7ffbc80b4718
      2⤵
        PID:3276
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
        2⤵
          PID:3952
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4552
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
          2⤵
            PID:2168
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
            2⤵
              PID:2792
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
              2⤵
                PID:4900
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
                2⤵
                  PID:4372
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
                  2⤵
                    PID:2408
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:5092
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
                    2⤵
                      PID:4308
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
                      2⤵
                        PID:4848
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
                        2⤵
                          PID:32
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
                          2⤵
                            PID:3880
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
                            2⤵
                              PID:2336
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
                              2⤵
                                PID:832
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
                                2⤵
                                  PID:3652
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
                                  2⤵
                                    PID:2888
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
                                    2⤵
                                      PID:1388
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
                                      2⤵
                                        PID:1856
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
                                        2⤵
                                          PID:3692
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
                                          2⤵
                                            PID:2368
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
                                            2⤵
                                              PID:5184
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
                                              2⤵
                                                PID:5192
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
                                                2⤵
                                                  PID:5204
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7512 /prefetch:1
                                                  2⤵
                                                    PID:5452
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:1
                                                    2⤵
                                                      PID:5460
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:1
                                                      2⤵
                                                        PID:5472
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8200 /prefetch:1
                                                        2⤵
                                                          PID:5696
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
                                                          2⤵
                                                            PID:5996
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
                                                            2⤵
                                                              PID:6004
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1
                                                              2⤵
                                                                PID:6012
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7620 /prefetch:1
                                                                2⤵
                                                                  PID:6020
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
                                                                  2⤵
                                                                    PID:6088
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8088 /prefetch:1
                                                                    2⤵
                                                                      PID:5352
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8552 /prefetch:1
                                                                      2⤵
                                                                        PID:1856
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8476 /prefetch:1
                                                                        2⤵
                                                                          PID:5208
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8720 /prefetch:1
                                                                          2⤵
                                                                            PID:5520
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8736 /prefetch:1
                                                                            2⤵
                                                                              PID:5532
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8744 /prefetch:1
                                                                              2⤵
                                                                                PID:5544
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8752 /prefetch:1
                                                                                2⤵
                                                                                  PID:5552
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9572 /prefetch:1
                                                                                  2⤵
                                                                                    PID:6448
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
                                                                                    2⤵
                                                                                      PID:6720
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2552 /prefetch:1
                                                                                      2⤵
                                                                                        PID:6556
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
                                                                                        2⤵
                                                                                          PID:6364
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9280 /prefetch:1
                                                                                          2⤵
                                                                                            PID:6372
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
                                                                                            2⤵
                                                                                              PID:6596
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8768 /prefetch:1
                                                                                              2⤵
                                                                                                PID:6096
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8604 /prefetch:1
                                                                                                2⤵
                                                                                                  PID:6008
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
                                                                                                  2⤵
                                                                                                    PID:6896
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1
                                                                                                    2⤵
                                                                                                      PID:6588
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=9036 /prefetch:8
                                                                                                      2⤵
                                                                                                        PID:6728
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8092 /prefetch:1
                                                                                                        2⤵
                                                                                                          PID:6724
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3092 /prefetch:8
                                                                                                          2⤵
                                                                                                            PID:6744
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7152 /prefetch:8
                                                                                                            2⤵
                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                            PID:6632
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9776 /prefetch:1
                                                                                                            2⤵
                                                                                                              PID:6624
                                                                                                            • C:\Users\Admin\Downloads\xclient2.exe
                                                                                                              "C:\Users\Admin\Downloads\xclient2.exe"
                                                                                                              2⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                              PID:1568
                                                                                                            • C:\Users\Admin\Downloads\xclient2.exe
                                                                                                              "C:\Users\Admin\Downloads\xclient2.exe"
                                                                                                              2⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                              PID:1136
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9601257424465729043,400866916719625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
                                                                                                              2⤵
                                                                                                                PID:6808
                                                                                                              • C:\Users\Admin\Downloads\xclient2.exe
                                                                                                                "C:\Users\Admin\Downloads\xclient2.exe"
                                                                                                                2⤵
                                                                                                                • Executes dropped EXE
                                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                                PID:6820
                                                                                                              • C:\Users\Admin\Downloads\xclient2.exe
                                                                                                                "C:\Users\Admin\Downloads\xclient2.exe"
                                                                                                                2⤵
                                                                                                                • Executes dropped EXE
                                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                                PID:1184
                                                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                              1⤵
                                                                                                                PID:3284
                                                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                1⤵
                                                                                                                  PID:4632

                                                                                                                Network

                                                                                                                MITRE ATT&CK Enterprise v15

                                                                                                                Replay Monitor

                                                                                                                Loading Replay Monitor...

                                                                                                                Downloads

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                  Filesize

                                                                                                                  152B

                                                                                                                  MD5

                                                                                                                  0a9dc42e4013fc47438e96d24beb8eff

                                                                                                                  SHA1

                                                                                                                  806ab26d7eae031a58484188a7eb1adab06457fc

                                                                                                                  SHA256

                                                                                                                  58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

                                                                                                                  SHA512

                                                                                                                  868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                  Filesize

                                                                                                                  152B

                                                                                                                  MD5

                                                                                                                  61cef8e38cd95bf003f5fdd1dc37dae1

                                                                                                                  SHA1

                                                                                                                  11f2f79ecb349344c143eea9a0fed41891a3467f

                                                                                                                  SHA256

                                                                                                                  ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

                                                                                                                  SHA512

                                                                                                                  6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
                                                                                                                  Filesize

                                                                                                                  32KB

                                                                                                                  MD5

                                                                                                                  5e31bc88757ab8e7a7f22bc1fa0569fb

                                                                                                                  SHA1

                                                                                                                  d443a1cbeca0ca7425535b20226e6eb153194588

                                                                                                                  SHA256

                                                                                                                  3ffd1a2a589869dce3e8033a8cc0ff28315c386416e0ff2816a8059ff29dc09f

                                                                                                                  SHA512

                                                                                                                  5084bd75b3dd1961c504d9d54621dc9b5725e6885bdd5b1c1a5e662f69973e7aea149bfc4908f7f044d2430069a77fa0e3ef2d28c083ad64506006f25aa2e1df

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
                                                                                                                  Filesize

                                                                                                                  150KB

                                                                                                                  MD5

                                                                                                                  07418c1a25f64941fe26c9f10b2a75d7

                                                                                                                  SHA1

                                                                                                                  6b562d3487ccd5f7e55edb28da7ff8741b93f4b6

                                                                                                                  SHA256

                                                                                                                  1913a25220ef07b7fe56a783ce811835d970f87d3096ac4cc57521b62e3a6216

                                                                                                                  SHA512

                                                                                                                  53802f923c28521a1bed1becd184ba3470fcfa59a378b8a54216d927ed75bc9e510a86cbf04723a7727f5fc489df011f1f3ff9cf54c626bcd2c04be3d18f4655

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
                                                                                                                  Filesize

                                                                                                                  1024KB

                                                                                                                  MD5

                                                                                                                  722a5c8e9a28cf3220825f4e555176a3

                                                                                                                  SHA1

                                                                                                                  c662f0371ee534a0e20b1b9e6a5f49e4609fb86d

                                                                                                                  SHA256

                                                                                                                  21b7757220221262068a3943e4c7ac09e690e65c40403f3a20af4f58d1e5cf81

                                                                                                                  SHA512

                                                                                                                  0a9cc0a324b3bbc7046be76103ea9c909d6bce6017cfb7c409344d7610b8d720be6e115775ff56b4ade6e304e69cdd944482d5f2511865dd30bd60afd0282291

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f
                                                                                                                  Filesize

                                                                                                                  20KB

                                                                                                                  MD5

                                                                                                                  2abd079be1223e68fdd6f520afe8fab7

                                                                                                                  SHA1

                                                                                                                  0f52ef825e632aa99b80724e2fc419fe1413ff39

                                                                                                                  SHA256

                                                                                                                  fc998bd9e644618ab3ece7ba644b58e43e6503e49b8ea2d19c6ee725c4676c75

                                                                                                                  SHA512

                                                                                                                  41d1bcc91961d70146f3434857c2265d2c1ec8cb81d388ddd187de5096e580bda69da20cf4ed56d72aac3d4e731f177b99daeec128e0ecd68dd37beedf4b3f70

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                  Filesize

                                                                                                                  14KB

                                                                                                                  MD5

                                                                                                                  412dc3e5c31d6c6313a376ab76720ee9

                                                                                                                  SHA1

                                                                                                                  d54e2c9dba1f952c902f42a1b2e295bc5785324b

                                                                                                                  SHA256

                                                                                                                  dbfc87a7b38b34f39f170122166560630160df9c716e8ef94c493a2de4b40744

                                                                                                                  SHA512

                                                                                                                  3190c927bcca5cf44ae2937c2132ab7332112373271e714a617839fb7ce8ea01c65bb8115e73a4f222a84cb9ae10f441547ef42eec01d1f5caabfb317ec86b8a

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                  Filesize

                                                                                                                  5KB

                                                                                                                  MD5

                                                                                                                  699744d77eac3afa99032b69c2f30d11

                                                                                                                  SHA1

                                                                                                                  0ad102f98d074435eec0eaec5f25906771ae30bf

                                                                                                                  SHA256

                                                                                                                  22b1eeac55c0c4d0470ce561090326e32d6285f99dc377b78ba6a855a8f6b966

                                                                                                                  SHA512

                                                                                                                  4256a9b7e8d9257f931453b991c60db6123b43b7d3274fccf070421ca3a65b4bbc9f7d1f15420545095ab14139be0349b58ca53209aca0a1edc2fff399dd6625

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                  Filesize

                                                                                                                  17KB

                                                                                                                  MD5

                                                                                                                  9d33419f378a46e96894d7c16ad26ce1

                                                                                                                  SHA1

                                                                                                                  353c53f49583cfc82c9e699c7459d386a5296123

                                                                                                                  SHA256

                                                                                                                  a7b8f3e53e6433be716b35583c10537c5577a1c66b6965721eb66dd9a014ed28

                                                                                                                  SHA512

                                                                                                                  c0063fbce17e7cbdf286fea1df3ba763ec2b73dffb724efc66a9eec6333d4d91ae9ad4cee4dd94cb88cd2e52267b9df11d06e62a8b8383ba107d98d973a02ea4

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                  Filesize

                                                                                                                  8KB

                                                                                                                  MD5

                                                                                                                  43a6942d9f66683dcbaa81b9f588ee37

                                                                                                                  SHA1

                                                                                                                  edd6b047b5b1d30360ba4a0699553845b1a6251f

                                                                                                                  SHA256

                                                                                                                  d6859ea64c6e37362a98e547781bfc28d681d254c82a504524743f9155342cc5

                                                                                                                  SHA512

                                                                                                                  739b9e52530d31c5f898b3cc0fd1cbf27ae6aa24fc6024e6ffd6281ad5d55440e938097c13f2d364e07a33a55049fcd949b811d32dc080a1712bf9d4f6795641

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                  Filesize

                                                                                                                  3KB

                                                                                                                  MD5

                                                                                                                  c01602ee8882a6c50207903fbe5fb217

                                                                                                                  SHA1

                                                                                                                  e873c3de49d5bd786939dfcef6c7ed53f6dac255

                                                                                                                  SHA256

                                                                                                                  acdf6daf7ec260622a8cb9ae207a8b8e1b48e7273e5a0988446bc1acd9709d96

                                                                                                                  SHA512

                                                                                                                  7bf1f73ce5eab7e3fdb8c6b280af2684b365ab5071659135bd7ec9014572295352bdbc0dd0f4dd63542e952cc41fd3f221013fc3f70b24c63c70a0af3263e2b1

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                  Filesize

                                                                                                                  3KB

                                                                                                                  MD5

                                                                                                                  689aca83e8283606824542aa0da1f2ff

                                                                                                                  SHA1

                                                                                                                  a9146f622fd05852814b56eab88413de1a4e4fc4

                                                                                                                  SHA256

                                                                                                                  537ce5d6d9f631f02f4592f8b4f9b0c0853bfad6bc8979caf67488488780ec5f

                                                                                                                  SHA512

                                                                                                                  25bd2a1cc7889b87653cc98e4fcc690e94361328c7f32bce046f3c11ac5d49cd40d40cefb371aa82a406ee228104836803bfa8811a2bc6a2607f733609505b3e

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                  Filesize

                                                                                                                  2KB

                                                                                                                  MD5

                                                                                                                  44899b76052e43a49442935172f3a0f0

                                                                                                                  SHA1

                                                                                                                  a01b378109e90f58742342a25c3994a44dfd3afb

                                                                                                                  SHA256

                                                                                                                  e6bb539df6f06c91df26ca680e0d412e665125aa6b63bb91952ce9958cb00d3f

                                                                                                                  SHA512

                                                                                                                  4e9a874a52cb26e4ff762effabe90eb0db49ff944da14c907a051348e653454a9eab75c5c162da6db0f8576b6aab31149a4131b7aeda8e32cd460e6359c6c431

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581aa7.TMP
                                                                                                                  Filesize

                                                                                                                  1KB

                                                                                                                  MD5

                                                                                                                  aa883331a386311dc32ae5ab32eac9f0

                                                                                                                  SHA1

                                                                                                                  8f9f22edac29b33cb70f457a570ddb02c4793ab1

                                                                                                                  SHA256

                                                                                                                  98268b44603a2f36c58bd12f48cec6faf5d399d0d523b9a7c35f209ad542f00c

                                                                                                                  SHA512

                                                                                                                  d57705a214802a2e8b1bca317f7fed8660a649bed6c880486f7bde07eec37ec6548eef3c4ef68004d6e2cad49b6ad09f84c0d1a6c9e77616f2097d0dd01d2b22

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                  Filesize

                                                                                                                  16B

                                                                                                                  MD5

                                                                                                                  6752a1d65b201c13b62ea44016eb221f

                                                                                                                  SHA1

                                                                                                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                                  SHA256

                                                                                                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                                  SHA512

                                                                                                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                  Filesize

                                                                                                                  10KB

                                                                                                                  MD5

                                                                                                                  7afc63f8c7cf47079ba21cd966a73aaf

                                                                                                                  SHA1

                                                                                                                  5bbdbfd4e908c62dc190956f5871479f6b540d01

                                                                                                                  SHA256

                                                                                                                  630daff730baf142ce83bde37d5172b0d7f5b32c8913b1a7df7b72b06be791fe

                                                                                                                  SHA512

                                                                                                                  9e3604c7c4aa9ae303b411e2cb3dcf7c3e8e705500fc68d766a15fd90158e19c7dd3076058202ed78d5a0528e2d915a758aa00f2d966fe9d41cc86d7827e4f7a

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                  Filesize

                                                                                                                  11KB

                                                                                                                  MD5

                                                                                                                  caaadecd502370b723b9e3d0a50ad714

                                                                                                                  SHA1

                                                                                                                  2666782a1e1e362dbc47c70cb04a2e7b1a4b321f

                                                                                                                  SHA256

                                                                                                                  22c1776b620c9afd335f9a37c5d8e92e2e72f5e76e81039cead17c99ac3277fd

                                                                                                                  SHA512

                                                                                                                  664fdd9ff53b15b9b0984eb658847c0853376cbc50b1e35b2ba0f0162da5acec678bfc8be2f45999bae4701deec5f204f864bcc5174f836de12f4478cf692eb0

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Downloads\Unconfirmed 741041.crdownload
                                                                                                                  Filesize

                                                                                                                  39KB

                                                                                                                  MD5

                                                                                                                  6e6fd3d6091583285dace6bc241e7170

                                                                                                                  SHA1

                                                                                                                  f775f164c60f95107948f9539da75ea5caba50ff

                                                                                                                  SHA256

                                                                                                                  2da76f8390d90dd0d279846b9f138300ac17bc590d4105f65cda8b616479d276

                                                                                                                  SHA512

                                                                                                                  5025f78ddbf53d085a3332baa46cbad8e5fe2c59cd7e0fe27d11d3656b8167d08b012cfb3d9b052d7f59b4fdb999610b85266c1a5346f85b393da22b5eb9502b

                                                                                                                  Download Submit

                                                                                                                • memory/1568-453-0x0000000000500000-0x0000000000510000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  64KB

                                                                                                                  Download