hxxps://drive[.]google[.]com/drive/folders/1-WlEIMUbceb-xcFNhxXPbF_bTTspSqwA?usp=sharing

Resubmissions

09-11-2024 13:16

241109-qh9m4sxqgk 7

09-11-2024 13:07

241109-qcqcaaxphj 7

Analysis

max time kernel
428s
max time network
430s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-11-2024 13:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1-WlEIMUbceb-xcFNhxXPbF_bTTspSqwA?usp=sharing

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: DiscordFonts@master
phishing

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
9	drive.google.com
12	drive.google.com
222	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
2212	msedge.exe
2212	msedge.exe
4548	msedge.exe
4548	msedge.exe
4608	identity_helper.exe
4608	identity_helper.exe
1816	msedge.exe
1816	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
4276	msedge.exe
4276	msedge.exe
5672	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4548 wrote to memory of 980	4548	msedge.exe	84
PID 4548 wrote to memory of 980	4548	msedge.exe	84
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2524	4548	msedge.exe	85
PID 4548 wrote to memory of 2212	4548	msedge.exe	86
PID 4548 wrote to memory of 2212	4548	msedge.exe	86
PID 4548 wrote to memory of 3540	4548	msedge.exe	87
PID 4548 wrote to memory of 3540	4548	msedge.exe	87
PID 4548 wrote to memory of 3540	4548	msedge.exe	87
PID 4548 wrote to memory of 3540	4548	msedge.exe	87
PID 4548 wrote to memory of 3540	4548	msedge.exe	87
PID 4548 wrote to memory of 3540	4548	msedge.exe	87
PID 4548 wrote to memory of 3540	4548	msedge.exe	87
PID 4548 wrote to memory of 3540	4548	msedge.exe	87
PID 4548 wrote to memory of 3540	4548	msedge.exe	87
PID 4548 wrote to memory of 3540	4548	msedge.exe	87
PID 4548 wrote to memory of 3540	4548	msedge.exe	87
PID 4548 wrote to memory of 3540	4548	msedge.exe	87
PID 4548 wrote to memory of 3540	4548	msedge.exe	87
PID 4548 wrote to memory of 3540	4548	msedge.exe	87
PID 4548 wrote to memory of 3540	4548	msedge.exe	87
PID 4548 wrote to memory of 3540	4548	msedge.exe	87
PID 4548 wrote to memory of 3540	4548	msedge.exe	87
PID 4548 wrote to memory of 3540	4548	msedge.exe	87
PID 4548 wrote to memory of 3540	4548	msedge.exe	87
PID 4548 wrote to memory of 3540	4548	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1-WlEIMUbceb-xcFNhxXPbF_bTTspSqwA?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f81e46f8,0x7ff8f81e4708,0x7ff8f81e4718
  2⤵
  PID:980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=fallback-handler --database="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --exception-pointers=69638602801152 --process=176 /prefetch:7 --thread=964
    3⤵
    PID:5544
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 980 -s 764
    3⤵
    PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2868517006886490542,15448011299020779635,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,2868517006886490542,15448011299020779635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,2868517006886490542,15448011299020779635,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2868517006886490542,15448011299020779635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2868517006886490542,15448011299020779635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2868517006886490542,15448011299020779635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2868517006886490542,15448011299020779635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2868517006886490542,15448011299020779635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2868517006886490542,15448011299020779635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2868517006886490542,15448011299020779635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2868517006886490542,15448011299020779635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2868517006886490542,15448011299020779635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,2868517006886490542,15448011299020779635,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3592 /prefetch:8
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2868517006886490542,15448011299020779635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,2868517006886490542,15448011299020779635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2868517006886490542,15448011299020779635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2868517006886490542,15448011299020779635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2868517006886490542,15448011299020779635,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2868517006886490542,15448011299020779635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2868517006886490542,15448011299020779635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2868517006886490542,15448011299020779635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2868517006886490542,15448011299020779635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,2868517006886490542,15448011299020779635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2868517006886490542,15448011299020779635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2868517006886490542,15448011299020779635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2096,2868517006886490542,15448011299020779635,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.CdmService --field-trial-handle=2096,2868517006886490542,15448011299020779635,131072 --lang=en-US --service-sandbox-type=cdm --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1a33719e-82ac-4533-8ddd-ad2ba157bd9e.tmp

Filesize
2KB

MD5
c605790be643730b91c4d5207dd9cdaa

SHA1
3fc4e6bfe978c5a153e6bbf936f570a0bc17632d

SHA256
fdfc1fc5502a4c7b2772ee700da339b641241d895a6e50434415fb140bbbce06

SHA512
3042bab339852e687796c1833ea1029db53e05833201691d2e65c27ebf0ea7ff7cd149f0d6c51d5d0985a1d8ea8d634877fa0592ceb66ca525460110bc86e5e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
33KB

MD5
8d3c9ad0d2da7700f9f4025d78a020af

SHA1
850f31105791ca8120baf53e0c6e2407c2e46f92

SHA256
64bcc7f9c6d4b9ce6c38ecf0400da133c58afa82fc8c24ed1f87f27d7f215e26

SHA512
7ea30fb996929aa21a045b468bb098be755ba348b9339a82ca4b80644a002cc79015b4e664969458d03d936c692e0407520387e10a3d9d5bbd7cdd92986d895e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
20KB

MD5
eb77bc2800d9fc63ab6d008de39ba433

SHA1
e272c72645ea3f7881411a7447c09d1ce8223c5f

SHA256
4d896cdece4dd4e55114383fa239d45106f2be70ded3a20f7277bcd561737d92

SHA512
8a9e30e8a419b06114fd65c2e550ec3927fc6bafd98849c4ad79f8c3ba19f101d9cba7aa7c8f0bc06e9eeec851b4033917ffb0e906292b4f6bcc7bb4381ab00c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
32KB

MD5
d51156aefe1bb617bea2b80267421bf6

SHA1
21f5fb668da9d0a0b6b71f2c4f4c2b6ceada50d2

SHA256
add2bee75d3c9389bfe4ccafa5f08a9f1d3ab2f644c7ea02255070479d09bc72

SHA512
fdcf53ba59bc5e72954c6f13183e248354fbf6be8a51ee4bb7f4c9d01ca39c27c1eeed184572900caa4f48d279acd2b1c3ae0878285a46832f0724093898d8df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
20KB

MD5
e097423f1749fd6a3e21ff2df812947a

SHA1
23b26e1e7826cf458e154e9cdb0f1afa8d90bf9e

SHA256
3dadbb5d4e785122b1174ee12b248088e28fca6aaf78e4f8251c512469e35872

SHA512
65a4d58e729460c496d25703e41a7663b96d5bbcd48b3fe10d7078ae5f305814ca931d7df7b5a50251e6787344f9c23308a2f217f206919a670ea9d13e9de87c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
640KB

MD5
7efdb65df06f5730bec7a7f28fae2dca

SHA1
afc400744bb695a27a90e1079d4974a55b5799c3

SHA256
7554b5983bf00189bb566bec7ea27eeb06e1d464de8ed08e006451aaa22ab26d

SHA512
df9a549ffaa6080e8c43328e2e845a356384effbe670cde54d42834e7cbe02bd9ac2644ea7819a14b2714165f622dfe7bea725209066ce192ef931ac22663281

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001c9

Filesize
301KB

MD5
bbd073d1b2040eb8905818e4d2991dd5

SHA1
8c5ae5a4976040f66384c95ae6635602896a6ed7

SHA256
a86d5f0621b502160af5ab33c3c37f63d56fb56425ce0a1c12e666aa4fc35737

SHA512
8b6dffa1403368b5424813ab942c6aaf0cea7f90da22025d7bcf5f1a72f681bd1ffb8c3d8a8637da8fd399748cc8f8f16f6fed602295743a9c0abfad098ce3df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001e0

Filesize
704KB

MD5
315df1a12d6c9f33180f9589341bdf02

SHA1
0612b5156149703ca31fb03de3ed2a9a8311d10b

SHA256
d51d3daa76301bc7d29bdaf7a9687503820dedb52bb31952187c9a3a22df96d8

SHA512
1f2cfc324158a484ce55b17958a738eb1c9466ff033031e7f10361276e9c31d30fa288acf535940f5522a27fe9d1e57fbda0b1a58bdf762812700233ee9a4d24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000205

Filesize
373KB

MD5
6d07a9418dfdb6589c4455da74182b6e

SHA1
8e7860cd3a24f5669574eaabeb49e76e50325ef8

SHA256
7b851118ccaba8d853133396c711a237229c94d3826497df04a0a05b38881f4f

SHA512
90512e2e55a481898e0abe3bff0777b2e7874f2586c85c86ba05475af1fe73173612e73f34b4fb9ff5efe4be5b83e0f0ca0a25224ad2e8a89872c97fd467c09d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00022b

Filesize
319KB

MD5
b0d24e0f24cf27023adc95b2fa236a04

SHA1
067711b6c3a45a10863c9c731de790136601ae1b

SHA256
7b17f87ca6c465e7564632561fcedd06906c752f6f169c20399f36af45f430a6

SHA512
16879e2f5b69b2d1a36324f73016538b83bf591d63e94d4c53a5b22d65df558e9473297017ad15ca399e7477b8926b7e64af1b330e9466f3e7d5536233ed1730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00022e

Filesize
683KB

MD5
b64d923b3573fe2df893d6d5f549d079

SHA1
bddf64ea2e8d20d70838d84d179806c1e5e8294d

SHA256
45ad510ff2452d581cbf10d9e5e622c8470d5a614b692ddd425d9b9bf55af75d

SHA512
7c47729b7a02213cd1db6dc3613e0caf761cd91a26e13fbafff456d22db2cbb0b401d4b70e79bdb45d0497e081eb0a012e0f5a4a6bf50c99202b71d6067e0c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000232

Filesize
704KB

MD5
6223f8bb1b431a55b4be9916bc4d3707

SHA1
5ac316dc191981956a1a351f194e1142581e5c36

SHA256
2ebf8df8dd6d5fad9dec9f93bda9b161012ee1270b5eb8f3bdf79a4ac50f91d6

SHA512
9aead7d503903fa536eb34cb186d1367485d5467a289c06b03cbbcf95fc793e3c357d01894faccbae6aa82495e8249e5c1d719165c90ed0597f8728d069cb5c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2a6c5693b0e2d0ad_0

Filesize
281B

MD5
2f3472c13cbb26a7633309cde976d124

SHA1
80141b8bad6c53f48511d40eb5d6f06dafe204d0

SHA256
615f1bdcea91c921df2940383abd541ade1350ffe97ab0c5c2d08fbd860cb2ec

SHA512
b9b3d6ac9f1bf6b651ff2721c06343f6b1aa4873989bf43892ed9d0ccd9794a2a83b10b9ffe1f58b988d86ea6af8092a7ff81342288c6874ec27b09535a64bd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\335e69ddec2b9ac6_0

Filesize
212B

MD5
099e8fa437969afa526cfaea89b55b6d

SHA1
ad1f42c31ddb30142f8f9e25f9e86500f31975dc

SHA256
fd93f598f416a14ca045a0dcfb2689d3d4ab9614076b0895466fa73065f01768

SHA512
0696b7b6e458ad7526ef39d161385d11b1cf4131c57487365d17c65a253699f1952424a126b25b615897c8bb2ac1837c80441ad631d68e6bbb8ea7c99b1c73a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\335e69ddec2b9ac6_0

Filesize
7KB

MD5
1df0a4d1bd3e51bd8c2f07ff2ee16f20

SHA1
b71e67172b2ae80ec02f7b554ebc4019e35d7b44

SHA256
ffed7ccb07a04c709f1f1a314622eebec9d5ef281af0ab2f9276f73aaee6f379

SHA512
a2ece4f9b7d8614ed8f587b5776e9ce175879b29db50351e242798141409bd39e8b24886b1849370e2b5dd307b2da6f182bba40f8a4a0c3f10849b8db159c062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48fd781b50fdc46d_0

Filesize
101KB

MD5
a6db1b557b6340c48c6704fca539e9e4

SHA1
cc92f555ca87eee94c0649a89d61fd5b4a04621b

SHA256
50c22f83e03ea77963f8b5bdc764c055e24dd0ff30fa9ef9e1cf583c06ffea02

SHA512
7bd65c113a628ba9a8ebb1a22a3f27ffb9c3a270609c62014ecd365555b2c248ebf10d37cad2bf092f34f6e35a5c0bd168f4e06b119644cec1671608a4524dd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\92cee4bd2da323ab_0

Filesize
55KB

MD5
7b70a3e9273bbb097c895e64c74e3146

SHA1
fc830c632a225b459261d44dc89c9ad9ee9b66ee

SHA256
1bf0fd670815dbc1d79a3ceda92d7a86733f48f7bdf28b3a6618c320414eb1e8

SHA512
6b31484dfb206839d2671957a9ccdd68790c3db44e97980a0078b99d091a74857be9200f5cd19de1a9e7d109d88e123ea58bb9a33c2469b91f8e9b9084c759c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9545717e6d151d2_0

Filesize
62KB

MD5
1cc60cfa2891b26db92bab2d1d8f9fb1

SHA1
af16d53220589ab218615039aa8e720aa0e8ced6

SHA256
f2a2ab945c44750046285838a5592ec7e11a926a5de186c02f74b86abe482101

SHA512
70182166efeff3ad16f7d82ebae5ab7c13618eac2a35d8d1946e26ae74a9d4125d743e22d675733dbe5669c5f10ff9a3dc6bd841380c1366b73a674c072ae815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
81cb9f5742e725ed8292cb8aeaa78f6c

SHA1
cc1a1398740545dd012063dc71593b383f727846

SHA256
064269194c8e80ca87f8f9dbd8a1cb9a6fbd2d699db0373fad054a389f816849

SHA512
b65c8bd19a68afe576c9c24fa02273ed5c411f7aa1b0c79796560d88bb589d7f29f339f38f89c87463026865f592cbd5203cb73801851a586fd034695d40ad02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
11fc38b70f34dd5f699be2554876bee4

SHA1
1bf00b478c1adc811de79618d20f8b067c3b4069

SHA256
a1c64b5dbcb0ad87020dcbcfbdda9d3838efd10a012242907023d5b026dd588d

SHA512
e56512cca4b1e59482fdd83482099e6b500cab7ccb6ad66d7034769db5c0f0101ef9a28858155f2009695f64ade325ccdc23ba6361ef9defebe320ad550e3d64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1795cbe17f3d7c02c32fd873b972d697

SHA1
f4a2be2c486f87c9dfcc5bdc42a0a61139c9d862

SHA256
626d5169aa552e9a8657e4b9e32d5be1385ad03cdff6a3e4bcdedb172da2449e

SHA512
41e8d596bb65a26a5e86fc3c219a4f181a66f99e1901c8f9ab34c63ab48dacd28803a3fb226815ba359cdf6b51e016f44b8aea9d10d8338b9de9ff9dedf11eb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
c8cccfa2c300da68892c6e05d4fb54d2

SHA1
34035f750a8568f0511cec9860feaa4273361ae6

SHA256
94230373a404718ec436761a57b33936dcdb605cad066338eb6e9c1a5b8f4c7b

SHA512
b57d3d6be7cb67f547cf8c4dc54a9195e2f1f474bd709826e6194986c29741ba275afe4af3853bca320fed2657845624f49c004fbe48bb44aa734b008ca46f1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
609f810741908b8504e11a84b2bbd8ae

SHA1
19643c9dab1bb2e1efbf53367ce9d2d24a8e1ca2

SHA256
7900cd51299d3b7849a97567fa3b3751005ed907e502f25672210d6e8505ec90

SHA512
f29680a7fa6a4bc3c1364f1be8e83ddea90aba61d404642b0c8578762724ee001f37ad9aad39ccf2af3a1a9e438f84d6c6a17d2ff492a0d4efd8ec6fb90aebec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
11831224c6c1889e786d532cc7c695d8

SHA1
182f82ba33c4bc7b9e1436295d0f53ca5defaa44

SHA256
0c25e46bec7c6aac31fc05b4361399153cb26e048ce1bb200b5be782ef0dcf4f

SHA512
918f19a0b2839c00cc781810d8a8896fb2213dd3ef80bf8d04f06f0e361d0f5b89339bab136a4ebf81f0558697dfe49e1d545a09701571f90a99f73f707a3a1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
e124c54a4aa04f9b241831fd29295fc5

SHA1
3975381b33a44179b47f0b8116ac5aec9f759322

SHA256
defd5a1f22497373f5c82bd0a7cf6e1b5c6299bdb27988b71776e35726896f42

SHA512
3609341d9690a692022afd20aa9c49ddeec80876a53f05f165d40dd3f0e6a226fe72748998387bb5210167bcd1fd600f9458c602a19893e47f1e2ed44bbd5056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
bfc3f58c9bfaaec0187e92d4f3441881

SHA1
78efc2edf91f73dbdac518426860c54c9c0c96b0

SHA256
5ff7da8e345f36d10a3f14475e82e86d3b42d84eda07324b0ab414840b6cec1c

SHA512
21ac59682eb6d638432e53cbed26f1e35f26f4553f4a0c95ff86511aead6846f68be8791a0cdf0238095b07a81186aa4df498fbc1a010bc3fd9ac5ac20dff0fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
17f796e82bdad9a8d81932eb10f9a349

SHA1
0e1ae36ce6d7bdaf0cd9a539c0a45aec32f841c1

SHA256
0d0a8014206a3f27291f5bea6b5b96e3ea6ebb25a631183453d1cd45c7884058

SHA512
657b1e3a7555963fe2c78ab71d69c59f2e143f1340c0f3f14dd8535941eee5f416c7d62cf527bb00554c9f3607bd0a6472c225a4119ad709784d8548dc57ce2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3a9d8a6bb38015a0430f9d56c71538fe

SHA1
978532c14acec33c4e8cd20a24cd6f7c370217d5

SHA256
1b6e73d0cde7c139fc8426a833f8e6ed84eba920deb2e5aa0a7e721d9772fede

SHA512
c9bb253854dbc7c4d944e95341f74010e75929303516f37ece70abeb1fbb69ee89b0848e6e1debc1e1b8da31c1cda08fe54dada5b50da7ceade1ddd4e06cb5a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
355c1e0a7710a69ddc37a831fc35b13a

SHA1
bbde2f45922b7223879068cfe5a207b4bdef4574

SHA256
e399564adc781e07889d15f54d75f39d3c2fa45d472d8d714c0ac3a9a54600dc

SHA512
347d55477934d8203ed86186f616d237b66ffacf152f88f56609a463afb44228e24473260ebd96638a98f338fbee2244f675d1b87c205574a68c0aae44bd91a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c65ac0bf35c4ff410df693b5e5749591

SHA1
c78b5bea7e4f98d50441f57180d199d50752811d

SHA256
7cbe4bb80c10996b83d39acc651b81d63de872c4273463dcd42dac7955300c09

SHA512
d84efa785acde57c5772b4390096f730f4b25942893aa313b7a6dfd15207b82adb5f882b51b583fdda826d58b17486d43ddd4dde6b01a0b409e56c0ed601ee1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f7b84f7f59a38d0068e08bdff8790ee3

SHA1
7cf8baaf9a94e63140133b4178591820ecf00910

SHA256
792aa796e4f762d96a843b918ac1a8228a35684fa4f5b282a7d1cdbb3d92dcb3

SHA512
57b46ecda06082d5e36d4b6a40c5bde3e344399457c58ecb2ffe9112335d7a566d4fa5c93886854cef9a869cfcf0c2747f137c031a062cf152444b18f4786636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0c552d507a44fa10aa713d856135c8b5

SHA1
a215f1b8132ace854be7ed295c964ae2e363eff9

SHA256
6d8f06e3cad70770d4bf7951dff99f6a6f42b09d20dd0e212666862ecedb2f7e

SHA512
24f9709d64047b8879e431d6012113368c6270b1a5e6a8dd5dd31afa906b06d5b7ea995c09019d34e703ea2a4cc440300f6d8acabc940f2077aa484154433be9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
334fa55ace1a78886d511cadc51e080a

SHA1
988efdd28b526215b674c387b6698cc9a18460b8

SHA256
85a620a6e5b1f2d7371da2718f6735518a7ff3314d87bbe2995ed0e04843ec5a

SHA512
9414627bb4f0dae878f232a56498b23ed860b80cdc14ab76314efa6cbc79f9f529ae54192496d31179316561c84da04cbdb037d8109979f1ca73045a4a5e9dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2bfc82949f0bd74e5f88bbdcb0575e36

SHA1
d1fa4147e9fa025a8e3da2a678aaef68465b4a16

SHA256
8547dd13b7c0175e566971201a1cd5ed2ef5f665acabc5d1c60351c04f30551f

SHA512
622d95b843faf66a0eb8831537a0203d06ce9db2cb9e7149c2751fa2bb02af8240a54abb0e72d0573055713d92aae19924895f82158c1ad75fb47c5e2d2c3a3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5c2c9322f3e1704c4245c288ee6df3bb

SHA1
536cbc395d7d39cb748ff3f8552ede2d5db407ba

SHA256
80202e558f1ef7f17e18fdcb2a531e1095a266fbfb7d3967aac29ec7b71fb87c

SHA512
c22e7fe913b6ed4e1c1db52f6a5187572574e8b82c8fb0a126d16b1b805bbe42e880eab3bf957a6d3566b64b0a0137b7f9c5007f79ca3e4abfd650a3882c07ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
30f50fa4cb26310232dc60fe853ebe3c

SHA1
e154f5d48572960e70b9f71d076f6e5dc21c2f41

SHA256
134dfca34f88d83b00a80bf8d03f2e1c5c1f71b47933605d7bbe8747c8065fa5

SHA512
16453a739c456a3e864aed2d43f9f3e115c4c481b68c92acc6cb09b9e4b398f466969a92ef11b53ecb12d2ad4aa9dbb83a77ba1a11eb6b3d296b4525b6887085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
192d25aa6f3cbadbb5cc4deb7484637b

SHA1
bdc4bfa7819e1bbeb463e433e3023485aa9e3a86

SHA256
4c6b9a369989e1d61d5d6bdf22f0bb5ac474b6b6c8a50a0e5db722aa49767ab8

SHA512
2a4c6abd0c7738b0f5ffacbbe3797597e0ec7445e9965610f4d03c12ba0125b9942f2910730f9ad0739c0017a0e82f2b39ee5d9147067c2ecf82526cc0ee4910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ca356c9a9a51236fcb12666dbcac5dd1

SHA1
061083fa532e95088ac5743aac4d51d1d0a70d22

SHA256
66b2e29f92f1d714afcda11d40459760427d982ec1b1b58aaa563e5674fe07bd

SHA512
9859bb3f3bbbb36e2e34227c4ef30b8de4efeeeb8d8548233a7cfe1837d48e5f3c4dd0a43cb752f32c465be5a5a1c1cb8a187d2866c766e2cc590bce66f8d298

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2eecb2aa3fc7388abd4e001664dfd84d

SHA1
5c61237fc3c750bbb6362bb98ac6b040812a12bf

SHA256
7d3addc1fe4e50c9b62b06d04e221e31ef5a2110fe0a4e53d19edb485ff0c3d6

SHA512
b52455bd2357834a7a71dfd1b5394095eec5246c6b9aca9b4037de6b84b6e67ee4619bcd39ea45b8e7b9014fb595bc48ff7b4870c9a3023182a2e48e12f0fa3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5528c4e7f936e5c2ba7598ce713a2de9

SHA1
7eb4d8b5ecf857dccd18ad862df97f63c6fa2da2

SHA256
46ea98ebcfbda4f5907175617d1a89b8c258a3af6271811b2e23ea746204559e

SHA512
857030ff7b5d6006d3fc800edcef0a3127daffa8348e15c8fc228b6a43125ab41dce21e4279c1d19df2103850bac9a5348d2f32fbe86849c5fa6f52d3157b2b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
dc9f9725bab4961aa85b80690d1ab4b7

SHA1
cc31e2cb28d7b83591081fbaeee487f5858b7188

SHA256
89ed1236ca333847ee0948bfb3f670853bdb0ceafc832950612935e662bb4dc7

SHA512
5d13bc386eb44c67e2de804e16ea4d71bcfe7a8d17187ba675bb883f240fc5946a0f94704d4fe1cc7d5b6336f76d73ce66cb94cf99b1214703e407330f45d965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6c0f918f18e217ff9f4c4ab3f1c8114e

SHA1
4a2d0ec030bd92e079869889dd1b60f76f4aeb6a

SHA256
68928aaf5583df287cd22568ccea837f184a756b18a617bacd09af5243e16d6c

SHA512
a9c066b78c1dfaca9a81e383c972ce11d729415a1adacab22765f5d2cefb6456d33bf4ca48f18fc2189b328e6ef33b3c73c08d3c530f11b025ac6f35565a6054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5959d6e4f001df4bd84185a374049631

SHA1
d95498ab53d68cbdb518031b75c0ba996e739685

SHA256
11d48629a97df451310ef096ef390bcc78837a2386d9c37c9a31b90a35d451bb

SHA512
39ac8f9f82aee4f9364c7d6fb1020036c0b072ca2778340a08d5ab97bc0f20e148586e4a6e73c531e86f382dd3bc517c0ed064af88228c5cb72bc4ae256d1ba3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c00728b8e8cbfd3b0a79963b1302f84f

SHA1
a69fce48383972fb91f9fe872a4f23f8edd1cbc3

SHA256
60d7fb2ef56ad807982ca137122b6bfab13dafd2a9301cf1c5b29e9cf720cc7e

SHA512
ff5562ca038fa308f8c02f10b075227ec7a1772dac33452e61a3b45c4fdddd227ce05042510d7ac20c181d6e52acf361c130eee72e0751ef7fa3bc886cac99d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585128.TMP

Filesize
1KB

MD5
fb8f3066fdd906d50af9117fcefccb1f

SHA1
2aaffcf11efdf722db44213ce4aa85dd4d7a2744

SHA256
eba07e70d23c02bf1aa76254f58215490f5b3494a6de0eb2f87cbd20cbbbf16a

SHA512
bcfe40ae2958ca596547da9fc4c6a66934e8210826d2cb8911df55228d1d016176cc9f3baf1d87f7feb3c6619429829d8ac2a82c6cf5580ca877f29abf197bce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
066ce90f01edea8ade968ee55f64607b

SHA1
f1e02aab35894d37d5ed6b5533154f4184e031ed

SHA256
fea296f16be32e1ec3ace3f934a80e5e077a39327886afb6af100a8b1e3a9cc2

SHA512
7195ec91e6fa128f88e10f0fdd95da5ddc29240f137f8cd824540079eb2a666531168154c498106fe8c69accf1a62120008a966745f7ca25add4ab30a554fa23

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 512696.crdownload

Filesize
6.8MB

MD5
7d0392f60d64a47e1599c93c1e351a7a

SHA1
8ca8b948ea67620ac9edc18805d64fcca3785d2f

SHA256
9a691f888ba0734f3129b2595ca494f73403f0a9fb7c594f1e8da81cad9bd58a

SHA512
c53a172be08cc4055f0da082925d6826472e30ff904a096c6672f43d1b428e5d4a9216f733d6166ec7d57ca3eeb9a93b442e0a4bbe77ab61a215d82af97042a8

Download Submit