hxxps://drive[.]google[.]com/drive/folders/1-WlEIMUbceb-xcFNhxXPbF_bTTspSqwA?usp=sharing

Resubmissions

09/11/2024, 13:16

241109-qh9m4sxqgk 7

09/11/2024, 13:07

241109-qcqcaaxphj 7

Analysis

max time kernel
332s
max time network
347s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/11/2024, 13:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1-WlEIMUbceb-xcFNhxXPbF_bTTspSqwA?usp=sharing

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: DiscordFonts@master
phishing

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
10	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
4860	msedge.exe
4860	msedge.exe
4888	identity_helper.exe
4888	identity_helper.exe
1836	msedge.exe
1836	msedge.exe
2200	msedge.exe
2200	msedge.exe
3224	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
4944	msedge.exe
4944	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe

Suspicious use of FindShellTrayWindow 56 IoCs

pid	Process
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4860 wrote to memory of 3520	4860	msedge.exe	83
PID 4860 wrote to memory of 3520	4860	msedge.exe	83
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 732	4860	msedge.exe	84
PID 4860 wrote to memory of 4040	4860	msedge.exe	85
PID 4860 wrote to memory of 4040	4860	msedge.exe	85
PID 4860 wrote to memory of 408	4860	msedge.exe	86
PID 4860 wrote to memory of 408	4860	msedge.exe	86
PID 4860 wrote to memory of 408	4860	msedge.exe	86
PID 4860 wrote to memory of 408	4860	msedge.exe	86
PID 4860 wrote to memory of 408	4860	msedge.exe	86
PID 4860 wrote to memory of 408	4860	msedge.exe	86
PID 4860 wrote to memory of 408	4860	msedge.exe	86
PID 4860 wrote to memory of 408	4860	msedge.exe	86
PID 4860 wrote to memory of 408	4860	msedge.exe	86
PID 4860 wrote to memory of 408	4860	msedge.exe	86
PID 4860 wrote to memory of 408	4860	msedge.exe	86
PID 4860 wrote to memory of 408	4860	msedge.exe	86
PID 4860 wrote to memory of 408	4860	msedge.exe	86
PID 4860 wrote to memory of 408	4860	msedge.exe	86
PID 4860 wrote to memory of 408	4860	msedge.exe	86
PID 4860 wrote to memory of 408	4860	msedge.exe	86
PID 4860 wrote to memory of 408	4860	msedge.exe	86
PID 4860 wrote to memory of 408	4860	msedge.exe	86
PID 4860 wrote to memory of 408	4860	msedge.exe	86
PID 4860 wrote to memory of 408	4860	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1-WlEIMUbceb-xcFNhxXPbF_bTTspSqwA?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a2d746f8,0x7ff9a2d74708,0x7ff9a2d74718
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6448 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:1
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.CdmService --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --lang=en-US --service-sandbox-type=cdm --mojo-platform-channel-handle=7060 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5124 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14538853506348165796,21957395990946220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:1
  2⤵
  PID:4468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\20f80411-5bae-4bee-b274-bf9a95ec760a.tmp

Filesize
1KB

MD5
31fb8f13c70b35e9219b0f4f718b5358

SHA1
ccfd8a040e90a28b318ad460513fd76513aab6db

SHA256
70876f655917c4cdf6710d4037af9e29433a8b42812da7e03df0232f9e4a27ff

SHA512
0440365c529e667e5e1c74fd344dc4cb52e8dc7aa5588fcd684e6d18e04e3cca5ef734a184c4f7d4f9261ead9edd469aeed7226042bed1f2e1a6c0b09ff4b028

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
55KB

MD5
cd0e8976a7c97849ad7a572f878855e7

SHA1
55df8cd8b5b793d78b52409e2b7af675c1b955a9

SHA256
ab6fd402cc54d04b5c0bd7346f5ab5eef291c2e81ae3f52400c2c23d98ffd45b

SHA512
28d75cd75be20845599cf2291f874be7526a76f929de09c2a838ff76533ca6ff6dfaf038c1d0d51408fb3a74f89437c900805bc372d5a29070ad8482a630210b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
17KB

MD5
fc8669e65896eb4a7f1ceb8bec7398c2

SHA1
f100fcc2c3c455d2d09fba59930517e47cc351e3

SHA256
f479c160fb1184b5381245dcf5b8c213587a4c72288a318cd168975070838b50

SHA512
cd58d4981096a00dea62fbe261b716d48a6fb9b2e98ef2e4e9350a62e54851d90c87b84e0bc89697681221df7c567413d5a1fd1c48255efbb5dbf18d458e2c8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
20KB

MD5
eb77bc2800d9fc63ab6d008de39ba433

SHA1
e272c72645ea3f7881411a7447c09d1ce8223c5f

SHA256
4d896cdece4dd4e55114383fa239d45106f2be70ded3a20f7277bcd561737d92

SHA512
8a9e30e8a419b06114fd65c2e550ec3927fc6bafd98849c4ad79f8c3ba19f101d9cba7aa7c8f0bc06e9eeec851b4033917ffb0e906292b4f6bcc7bb4381ab00c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
48KB

MD5
18a64802714cd620582e3070cfe247b6

SHA1
8b07b5a18b9378816ad4ea50545aae6c28796262

SHA256
c920432f90cdfb91ca4074cf59d22871407e1d2ac429b95c5ca46690ea4314f2

SHA512
f8a66354bf3b6ac887994f48e84d5d35fa38684c0c621f90fc9c846074518ddec7e3f89ca6a924456c1f54f8323ed2d5649893bc2d62061724e281a9a9028ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
98KB

MD5
287ceb9cac144d6d00cac6d13b3abe4b

SHA1
d23faffb5246a0cae04c2288f64e17f5f3be8bf4

SHA256
9812e584e1c1b4c7d59533556e88520fa80dfa333e7663fa3c5a9a6865d8f6c7

SHA512
bfa1c74e29b33a2fafe5f88418770aae645e8f2a7f93cbccdc115f50df659e3c5297d9778435e6020fcaa763f1078d6805fc365efd39655842d8b6ff0ff603a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
25KB

MD5
2d7928e1003804522e56efd448d4777b

SHA1
34c5059a9d65a678765e7e4a4494f9ad1baa6ccb

SHA256
eb23e767e0b0e47ad43f7f14558e003f451aeaff87315ef3e5c0acaf35a843ee

SHA512
b8bfe9a409764df86a7c4aeea9d0342011e847bcbfbebd8b85cd8e5d61eac6df2d71bc48f9d6f39897667e1a68c64caa911112f71ad63bb4bb37b42c6c64445d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
242KB

MD5
8c6ee1bca1957390fbb3f11703ca1c13

SHA1
e7253186f0d007da7a687dabcad29f54c77c8e1f

SHA256
e21fd4406c440e62b8723476be622f388445860312f76b88b11d4de51f69bddd

SHA512
559c85b9e11f36243be16891f0cbfd2acf709165114ac31001eb00fa58d6f4475d58f30122498f629df9d6ae61eab4e8c6bcdeb474625f16e230cf05ebf69dc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
582KB

MD5
1ebe6a1ebc109adf1724947123b4f763

SHA1
b2cabe12e7e059d69848616807c4433b28dcf188

SHA256
195eb56b02b8c4f9901bfadb03c4985edeb1199c7ede42bd2c53130a9b3fc6e5

SHA512
d5f49d2bfc6424ae9b070ad55851e95310ed9e5977822a2151b26328516390d8ff5b2228aa6d9575bf0947835a06080209df3d883eb86c4368e79d26bf91b841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
24KB

MD5
8713b8a90bded5ae0c4872484f54fbde

SHA1
98a15e7d455fc20760b035693d152f71534414c3

SHA256
4bf3050b6062e0e00c61e696cf26a7d6162c71c29062f2ae4d4647260934370f

SHA512
ed675ff93f851b1cebafc02e72f9ad19969d134df9dbcadee5234f3e8f8f0f493139540db621b0ade21bcc57c6522af4cb1d5030e8a9927453beaaed88e4a444

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
614KB

MD5
8b7e7b8c23b3258a2797eff7ee34f466

SHA1
c14bcce1022711ea331bbe8f36934dd7a668b1e5

SHA256
1101c3511b7b6e02a37264660514fb7cb52983b3c878c83073cc62914a446aff

SHA512
868dba59ad30dee43d80dab8f0c73993157f94f34dcad866235b51e506af92a4344c601c3537dc13e2cf192671cb09eb1496550fc9c7b28593d176c7b6842dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
26KB

MD5
568d4eaa150e7daa3b0b03bcde881aef

SHA1
86cb45993b91be209004cf14dbaa58be71121b88

SHA256
061b7a582a0a5dd252a71fcf01252a4dcb5e82504052359a3c064c1f09ed225b

SHA512
00b90dbd360900d5e6e4c64a5a483abd9eea737c206ae965e3c6ba64abf6acf5e646b096ddfbdacf43cd3ab5ce6ff50b26db0f407f222e16a827fe794d21b3cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
25KB

MD5
bafc4dc2ddf48b1844be205a1a41f7d8

SHA1
b7d00a60ed3c8e48178cf2e3b69adbe2a58fe2fe

SHA256
91b8d4590199e0014f5f89468d4224e6b5b3c19ac13ace79de0bd5111cc3d68e

SHA512
9b116fa618a9190dd8c1895cc3e27bb055b6318302c2f582bec9a275fa70c84dd1a70c69181c3dd2e2934d98b2e374d42cbf7081ca67821b104f54603b176ec9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
32KB

MD5
d51156aefe1bb617bea2b80267421bf6

SHA1
21f5fb668da9d0a0b6b71f2c4f4c2b6ceada50d2

SHA256
add2bee75d3c9389bfe4ccafa5f08a9f1d3ab2f644c7ea02255070479d09bc72

SHA512
fdcf53ba59bc5e72954c6f13183e248354fbf6be8a51ee4bb7f4c9d01ca39c27c1eeed184572900caa4f48d279acd2b1c3ae0878285a46832f0724093898d8df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
20KB

MD5
e097423f1749fd6a3e21ff2df812947a

SHA1
23b26e1e7826cf458e154e9cdb0f1afa8d90bf9e

SHA256
3dadbb5d4e785122b1174ee12b248088e28fca6aaf78e4f8251c512469e35872

SHA512
65a4d58e729460c496d25703e41a7663b96d5bbcd48b3fe10d7078ae5f305814ca931d7df7b5a50251e6787344f9c23308a2f217f206919a670ea9d13e9de87c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
29KB

MD5
631d4f36d9fabbbba52f87275ba80a60

SHA1
81b9635dccd3075b1d7ecb926be8bf3374b7f27b

SHA256
fb6abf1eb60cafb90ef24c3d6eb42a1b0886b0d0fef6e8f0bbb3ddb7f9a6e70f

SHA512
c5706214332cc109b5c8d25823804c2f961e162010892ba0fa1577f8450e9f4efda3583a15b0e0342cceeb3d7d7f4c72926676592d78bd424fa40f2da462d6b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007a

Filesize
704KB

MD5
08d3defee9a92da66b939cfea133a35e

SHA1
ffc52ebc648a7afd150c0856521f0899b8048087

SHA256
ed37e1ba36fb1fae62f8b82aee9d1380468901280907692f8376f29b8a0862cf

SHA512
9e0c3aa9db720efee9a250fb80ab9195dcc7f215b1eba6200115a6e9456a620d981e6f1234f19c082364c43050ab3ba5df5ba7a44526207f96b1978740e43561

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007e

Filesize
768KB

MD5
31fe6ff1331becc0dd035fb50893f486

SHA1
e301a0ae111a450938e65624168db11f4692a569

SHA256
fcc91001a38511c40231d848596b98fc4cad99b6e18729a41e71fd9ebcea01f5

SHA512
0d93ce6e8cae366245bc96b38a3ee1ed9f680164978e7bd50732f05c50c3065aa2a386bf8d0085fd2e6438f3825af8258bf137cfb77a00b3bbd78cf7f542306e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000084

Filesize
704KB

MD5
a714a4ff891d2cd04ad62e0803c1b4ed

SHA1
ef078bb9b0749340f77e3a71112f1156512db78e

SHA256
318b29426dda4992355ca37c511bdd5ef7cd9d7cade1fc933ae967422658b3f3

SHA512
13af39e631718b7f9c33f54d3d397e5a61062aad37ed157f4688080791cb3f90dc2f23df5195ee125f3bb6e702521acf94d670a0d99925466c93440fadeb5b91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000085

Filesize
704KB

MD5
beab7a9a1ca94bfe07a3c1336bb3527f

SHA1
df37869e2b5b87c8bf82770507f719d5a74ee232

SHA256
9825e6b34c03f67ed65a22069708c376dfd61924ae68e1f797fb91b08f1aecc8

SHA512
d4087415a7de5bb393b91cc747ce5ce82afd4119781e03316b2d29c99abdd8083005ca417c9f5228ead5f75e03f41f1545e9a1194da0b761b9f6264346c76716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000091

Filesize
180KB

MD5
f6ecd1e2fdc5df9fe1243907d7355d58

SHA1
d3936c58c8ba22ba2e845950c28d12cfaab0b651

SHA256
b4b69069a43c1c285ccfe18fabd2e20e3c7284f7c798d681507abc7641a37d72

SHA512
32968138eb8391e9f0341fe29900d43b81a32b92119b655424a6ee67b5542129dc093221a64d94a8a10248cc49b7570e2445e2e5e3b7c20868232984af738044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000095

Filesize
373KB

MD5
6d07a9418dfdb6589c4455da74182b6e

SHA1
8e7860cd3a24f5669574eaabeb49e76e50325ef8

SHA256
7b851118ccaba8d853133396c711a237229c94d3826497df04a0a05b38881f4f

SHA512
90512e2e55a481898e0abe3bff0777b2e7874f2586c85c86ba05475af1fe73173612e73f34b4fb9ff5efe4be5b83e0f0ca0a25224ad2e8a89872c97fd467c09d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a3

Filesize
683KB

MD5
b64d923b3573fe2df893d6d5f549d079

SHA1
bddf64ea2e8d20d70838d84d179806c1e5e8294d

SHA256
45ad510ff2452d581cbf10d9e5e622c8470d5a614b692ddd425d9b9bf55af75d

SHA512
7c47729b7a02213cd1db6dc3613e0caf761cd91a26e13fbafff456d22db2cbb0b401d4b70e79bdb45d0497e081eb0a012e0f5a4a6bf50c99202b71d6067e0c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a6

Filesize
768KB

MD5
e7ab61c5fbb52185c750bdd0c7dfd63d

SHA1
e8d249c0c7ed20c78e49fe91a2981fe1701c48f6

SHA256
650e72ca16e97ab9ec463831ac39af854e2ca6e37327a3fc926ca82068d1a812

SHA512
756977baff63b8231b95a67692079261c17edad091728ed306f53fabe28c398606cd20d8266076c0345b9c5a8c3b02be8a3d6ab9a47d5579469373bfff2d9682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ce

Filesize
319KB

MD5
b0d24e0f24cf27023adc95b2fa236a04

SHA1
067711b6c3a45a10863c9c731de790136601ae1b

SHA256
7b17f87ca6c465e7564632561fcedd06906c752f6f169c20399f36af45f430a6

SHA512
16879e2f5b69b2d1a36324f73016538b83bf591d63e94d4c53a5b22d65df558e9473297017ad15ca399e7477b8926b7e64af1b330e9466f3e7d5536233ed1730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2a6c5693b0e2d0ad_0

Filesize
281B

MD5
ef23ff4799e7734d7fea3f4023a8e1ee

SHA1
9c44a18693dd758e2e62aed4c7a60ed09878b790

SHA256
e0a2243ea08616ea5b88126ed2945a9141f043092533223706ad305d47e1b2c9

SHA512
dced9f42339f5f9e972d58e62ced02ff1b8196983faec03c5278498fe00d28a2f234f7591d2c1907e8bfbbf2f7e7a5a78fc49f0a5ee7745d866c31309dec2608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2a6c5693b0e2d0ad_0

Filesize
281B

MD5
566d5375fede190323068b2636a514cc

SHA1
584f6c8e7117134b3fc7609e3d6b89193cc7505d

SHA256
180ac9f63211b97361f3de5187769d69b7971101a4c86975430599d8118364a0

SHA512
dd0a1db790431422ef36567c38c3960858932cd222377ee14f532d3100b2bb67120f6d96dc18e18980d900714544834c83c12bb198c821193f5e55aa35449bf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\335e69ddec2b9ac6_0

Filesize
7KB

MD5
385f1b990dd4a11c881879940727d297

SHA1
20fd3115f75b4efe0a835bdbc75305847c415c85

SHA256
cdca253ca7977f079d40e586782a354707726f93d3af51f76ba64701ed7e2457

SHA512
e92787cfaa76cd51b98375e7cd543b060b2f48f3da5c9baa86879950cad5b07631430f40e450985d594bcd0e06f824517addf6c883b6f122a100bf3c857a7447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4925204be898c0cf_0

Filesize
243B

MD5
92a46be77848cecfe6be21dfa880da32

SHA1
5697cc89204e9021797ec77fece087bdb0d1e8fa

SHA256
71820b7e3e5314cc5978cea7543abaff7d2f6df97f333442f6acdd740fa9f574

SHA512
6d74c5baedbbec47044425ca84726894b9a372edd11079236c082301338b70b0000bacabf4903b40de62137673f44e56eb7799f412f7ec1ee5d94724be2a22aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\92cee4bd2da323ab_0

Filesize
233B

MD5
d130733c90dd2063e2d57270cd66e017

SHA1
574f7a8d3dd5c949c9713d7bb06cba4ab5410078

SHA256
98fc077795d59615c450dd56f7076bae93718232971d589f42bef74f9865b85b

SHA512
ccb2d4155512e923e7ee3b7a688cc84d0c48989fd57b68b87c3e04b12372da8e64464ebcea619262dd314bf459d72fd913165f471c3395f2ed6517892bc29a05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\92cee4bd2da323ab_0

Filesize
55KB

MD5
8156ef47e0f70ebfd419b3a34116abd7

SHA1
da2606fa402bb0536df86c99e3d2a8d4326fc5aa

SHA256
8b2207fd86c6c74471fc6cbcaadb64fca96b6b72d6b6c00b57047669414cfa99

SHA512
f3a252c6576d2c42dcea73d0ed3b27bcab4d23c50d885f568db17e31a48e7eaa84045d2574acd7d54b569fb047623dfabeddb74fd8e4b2ce4aa4bbf8289339ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9bbfb5edff15e301_0

Filesize
247B

MD5
69e7f1526d6ff1dc9b9ed631e7e453f5

SHA1
7d127b9a82fc3b1518a813408c3f2fe6180321a9

SHA256
7f3fd6f5dde87950c332876acacfe4f21b6967bac42fc4ed07484dd1eb85b17b

SHA512
4af97a1ddd601df040405378ff247912c7ef22ed6218b9f86293f41e98fc02bde57f61be13bc03a0e058bdea32dd996643809bec13b81d8d0031a807f88e2a81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c1037c1e40cb128d_0

Filesize
232B

MD5
fb88f51dc778bbfd359bd2f5e667cd25

SHA1
f6e27e312c1baf5deaa4572aab6eee5007dc322b

SHA256
55cfec6773a4c538d7e584d65b4caa80344afaa747a9c1273850db61eaac0bb9

SHA512
3f68f785a3574213cabfc14a1d9d222327f588e12e2f6c4859f39a9a15358ded597796cc875e3b17befef805117b7ab51bf769204a9d8a40a1c7a2dbceec6e98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c5a29b6918e6bc50_0

Filesize
231B

MD5
38c1d4fcfdb6f070de267ea9eb11aaa0

SHA1
36c9c3ff6d5fb0927e83e88bbe0c8b3c272b564e

SHA256
1e56cf1c8b894830a762f98b1bb1cc08a2b8ac225b16c51dc3eea88f6fecad98

SHA512
bfc553b3e6c247af834cb7abe1061548ec7c71d5c4870257bbd65ea943e18c9bfa998290497672e504cbbb05d14c74d45afce1c92dac3dcf7ad538d3aa9cf2ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9545717e6d151d2_0

Filesize
212B

MD5
e6a185acca2e49a2985fd96678279640

SHA1
338b14b46ae8a7906e19978de487de9b7585c573

SHA256
1ee0273853373b16756d5adaf6013dbac17a1016802ee728df9f1ea51cdf67c1

SHA512
ac7b985ebc6c3b6db5674d6f0743b5ff9486692aff7c461d7ca32650fa0bea031675273234b30a33c02738bc1df5eb1133f947ba8ddeb9e994b59e1b7f5e24f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f6fbc2773bcbc490_0

Filesize
101KB

MD5
9903b138489454846b4c9fe86f65cc3b

SHA1
3ab9a41d4d4fd42f7a9b255ee28e12ab48a329e9

SHA256
1eed887795d0f57ace2480b932fb3b6db5a91566d41b5b63f078abed233cc705

SHA512
7cc4e5ce6f143d86aad1b3bb84c6f57c3eafd6c5aff27b6e7ace9f3baa1d4c918e084288c0059b31d701e4584dda77f4b966bbdc43f4a65e0f5cf9c951cd0213

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a4ea36f150c96a6e30639bb65429323a

SHA1
d2582700153d35d51468c136ab96241b2db37bc5

SHA256
de31aa3d3f4bff13bf0e947205018970996a9f876bc1f2326b5b777e92bca3b7

SHA512
d18628bd6c32cb158f1a9b3f1fdffdefe6e2e08abcd6184e27c417099b5aa218b617bf7b73d7cb2177a9650f614635425348cb2364a51701b3311aafa17d65b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4b67b1f9b7050df10f1cdb35a3871ffa

SHA1
9dde22fc84afc95f6c2a4975205143146caa0558

SHA256
e02acc7ac4f62f52f911bbcb8c8ae71ce38edd1511ac68beff2fb4f2322af12c

SHA512
62af2a6166fe1838c988bdb58f4b4cb487aa0c73313ab90724f0225131cc36a6bcec0238196844a37790fda69859ed7fe2daf9df234a807f5d27b6365b36cf70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bc873762893a3120961ada036ec13ad9

SHA1
ca3165c2ec8de8f2b0aff76248c4c92db4351f08

SHA256
5c96e1873e2901d4fdefbed9a39bbe5a399d33a667e3b37e39a02d117d368a03

SHA512
3284938cef24296314b3bb7629bbb3e2c66aa9b120aa03eaa1aa12865469997295d7b61d6bd197b45bd41b903ae9ade5ebefa26b4ae865fff9b5e497325a03b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
91c15957f67865e87e5a4c54902d504b

SHA1
6075aa97d0a4e07c25740f535a04e2a5e46c0bf7

SHA256
08e15efea931478f50b1163d611b90f5beca2b66dd86dd6f7fa0ce5a0b62f6af

SHA512
9c9d8e0bd809a6db90c822b27083926331341429f5e0118499a6fc3d882d9ccba46ba92aa2fdb42982f22bbc69cd758a1eb89ec0a324f43912270c6bf6a2fd9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
29e25215626d0319d2c6461a422fc94c

SHA1
41d618e274f89f308aab32fd826177346ee91f0c

SHA256
544ddb6bb1b0fc524228f1f54c06de2651b6fd7a2135169c9c497ec61116a0ca

SHA512
f5fc1442af68a3c5ced82f99938f97d46e79bee40fb1975e99caaa4a828738b3c6663aa3208e1ef0d8151a8b8f8bd48492571f001a92e28da6023a4e3aad48a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
f1cefd059eb164772993b97829ad0a51

SHA1
0367a5b6992e39931503f672dd8d78e6658e6c99

SHA256
d90f33e37bd5511d956b0cb2067f18aa6cc3c61abfbcb3a2fe6e58bb1f004433

SHA512
a8a7f220da953cd5a8f0a15b5e04df5c083234cbc9b3e0ddd624e5ac86551b1b99633abc90a68a8a3a440b0e1f2c997c65e0e997dbd4a6ac60cad8098f93aae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
9b53e0abad0a7f4f3a6f62b97ee2b9c1

SHA1
e1349b7cd351e11031a8e455cfe283ba541b3d0c

SHA256
4fc152fbcfcb88d8c07e770fe0e71c64a06ae35ace62a39db38c4b426e75b5fe

SHA512
4965b0e312936a8524d3dcd0407162e0fd1b0748cc8eeb8f428f6e4c9a2eed65d34d4e13f91beda226f0a5d9be6e9feabee35809b18525ef55a11b35667e9de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
17ba3a7acccfb8616b6e66df114b6f80

SHA1
a415cf2e63107775f9983bfecb038389d925dda0

SHA256
9df2d19716459f1bd38b9429c97f5e6d485bbc2271d7d5e83c033d1a736004e6

SHA512
18feb91ce4f1883bfb1ec8b58f9972d1b2f4dd8c7ca1e9a6068fbfdbced30fc218cf18dc4985ed820208721ab94b53573637d8d7d6aee25c6871feb0f871425e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8171fb902a39bea0ccbbbfeba1aa5d84

SHA1
95a470043e20062b22de39fbac5ae7dc0eb19bdb

SHA256
3d4aec33c259bf1ce3c769476f8a4e55bce8630ff415b108a1d5d129e8aaca10

SHA512
8b391892051498184a8e3484c38da8c281a73e86ecf558439b100cc5f3f1c3a0c8f0ce22dedf597d220134ecb39ba00f467c73f072e6b57d34ce66c5b60a53dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3620b87d50a8fd530e78af6eb6f1d51e

SHA1
00198e578d26e250336da06588d2310a41fc733d

SHA256
1d681b233fd17b3ff1efe2e8eba3891ce20879e036f13d2220e2147aa23aebc1

SHA512
91293a5b8a74833e74a5e6ebc7f4a66fc3078f8fa1db96ca831f6654f74d3538d7b8c9d1df747f525364bb6fbdcffde6412667e0dae0ed39f2eb96ab269a2aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a58049c52c0c3caa6c1cec51b76bdfdf

SHA1
7253a5ce5278559807fa2a6c6127c597e0aaa169

SHA256
745218af4c1bc6c5f91d6a1f7497be4da0c43d1c682031b0b9005cae9d841067

SHA512
8d9a8315b360d1205a2428316d43aebb778f58759ee19ac081b0da1604f93ce0a53352d5fdfb19ab23fd0611717a364a6fab1cb7a0d8d073e2dd875eda40e753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
baef4f7c045ba73d203fe17d084529a8

SHA1
d7cbd07d8deb9b6deae02f0942e2315074f34b69

SHA256
9e64f5dc7f97312b085d899728c283329059c17d62354c0a91a59433e1a9737b

SHA512
10b71cb222caae4439cb99967b29b576432b0a1de03aab2d175cb74a8f82fcf81f0be416a251ba96bc5385a0844c0824fd71295d5eaf9e22b7f3349d8f2673d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9fd73fd2accbe9cd21b3c3e2c339a672

SHA1
01f79ca95394fbc155ce365e975da087b6ef5856

SHA256
72ff11a209bb87c6b5f4fee42107bb7a2c6f246267adb723a9de54cab296a0f3

SHA512
00abf2751c4dbf56c2c549e24fdb37b4b5010af677853124a83ede71957fee61fb36ae860122d98475c73a82d2fb4514bf82bfba342406a7d76b43d600d08a95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
59d3923e360029ae1785081c380a8cfd

SHA1
ab3c8325aa35cde38005bc276ed8e6aea52b2e41

SHA256
d6159ee79a81be330c7bcbfd8bb1fe552898e2f5609628a96282acf12958ec11

SHA512
7977eafa076a90edd3f0aa3740545e4f5c8f779d593acb321a3316a78e7d9931cca75431d2fa98bbbd6a19c19ac598e2ec8434f420e7fd44ab0c56e6356ad00a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
98acfbc5b0323f36ac16294307343e62

SHA1
123620d83ab1754899148ebef0f5a830ecd6a5c0

SHA256
18845811e8305378e9377d95a993a6361907ed243cc336ada69f4fee94b7a8f5

SHA512
3ce41c899edd37e1a090d6439117ba5b21d503aaa7aa983a66c62213ebc96df200c13febb5f34bfc8240c839b9e1f9e31482fdfdc7b984baa75569376f486df4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e6d10f29c91e4af61f3d60239d71530a

SHA1
fe67fa9fc8d3b577711e5060a7d05dc4e8d1cd56

SHA256
9dfde8ea116a1a557bb59cadf729a75c78deb43705bd525183b696322d31a25b

SHA512
477514069788a2e479d1fafb1342b8947005e3f09ca29be37929fd1f29895459aa7013d318c237b4f43f5d0c2bc81ab69a6777a00b6077add67b45bca7070338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
172d4bf268f2b1bc21eb35baa2fe0dac

SHA1
c498f18c801019e96aaa0c9d6fe6783e2b3a6323

SHA256
1d6723fed77e5859c8b1f9ad3629a6c54974ae1c6e10dd7c402430dc862325dc

SHA512
9f32f2a08ff3364079d3056e0038c112c7962a7d5064d79ff050305858dc0ef283e06722bcfb6c4b6fe3cf26f779202123b8a63958e5a9e0d1cab0de90fc620b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
33b526a1bf9f8f9ad8d9bdad9096a651

SHA1
79d81b7ac2ba1a7007f5f4b123dd04ee5ce80830

SHA256
b1ce5bbe1bf344b811a9e41fa1e1502a8d0c5b86a4afa0eec334144cb21475be

SHA512
24582381d874e9ecbc9d2942aa701b3b068c7ecd89bec9ce8abe3da0e557799c11ff3d032056be4b0e2ba295105e779535801363083149aa748b53af162af312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
409d056313d22282f2cf9962fe727ad3

SHA1
b5dcf0bffe801bfadc75e4cdb474682604c7e716

SHA256
8bcd0af2da7a782d3a26d5cdf5a9abb3d5638f94ae7fead7b17207b511764c2b

SHA512
31bc1bde0329b32a01cdb9ad83b18610aba2f8cc9553dcdc782bcedc4a03f37293339725c2a0efa2d725d5d6923bd7be7babb0937a286fccf74607d7401e5308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
318392f4759dd269598037f9fb0f5dda

SHA1
b06ce7bcb63ce89f4a602d97f5ad6d9b02b919e6

SHA256
e9f0a1d4c2a9b293cf95cf93ae4ef196eba9fa57f614f4df677ccd4967b1ba8a

SHA512
c5de9857f536c1301444e48dc79b9ede9d4db52f687518ddf31bd6649a8f361e250d493477688bef198444682813eb76312562ea1bbd5dcb28617d0de78656dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
dfafebdc09e4db55070b3b695bb979b4

SHA1
2f9ef9e20df4ab5e0e73136c3fa7b6eef92dc677

SHA256
2fb53b7ddcc846787f56dad0db310fa20d1dccaf804b9ed6abf3351bb37a51d7

SHA512
fafb468d8eccec721861b72303ea223c6a896d13fe0dff5f1c7a27a619234787d9789eaf9733809eafde49c21ac59f8ebfa4409adcddd414b9fab01d3e99c31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f2a6ed86dccc16e94e85c5b8d076da0b

SHA1
803b233532aee5e495243b1a2998055f8db6b9de

SHA256
6b7b1dbc3d639bbbb95e3d5a75ce409f39d8657f0c61ed1b3b9df63f42c19aa0

SHA512
28d4122fe92fcb325ca122c256f0a88eb1243deb4e6f7fc24709c8fe89a58c8c2ff1db88238cc343913c27aafb335be908de93023567bb871a3d35c4a034d982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
871b18f9270781f7ca2cf56e29a899b7

SHA1
3dff367006577a11f634971e71f36dfaf6b1fa94

SHA256
538920ff53b85b996323f1f829ed3430114288513be36f64e4d28f328cd1686f

SHA512
9ff3fb8296f82cd10288da2ac1e80a319809f387241a683895ca8347168e81fd235dabbc41a29bd355c79bbf556341e26a29b9497674d4e9c0bda6faf4cd4eff

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
bd42f3e4248f00c2d21aa4e619bece83

SHA1
e3b7b128fc0376f137ae3cbf11375a91604d9166

SHA256
43e21d665e08d422f5cc57f3d5238dd5f1d451d9a1ee7d78952d2a6cbe6786cb

SHA512
3f13a8d9b9966bec26fc7b22d7b41f3b16f0a6ff8037b945c8f341e5d8e4802323b95d0f6b15bb71a6cdecf63ddb4fe2c0b62dd1b0ee6c164c9e7b49833be85f

Download Submit
C:\Users\Admin\Downloads\CIT Staff Server - Staff Channels - admin-log [1070637404974747718].html

Filesize
27.8MB

MD5
9cefc1471ff5c25011d58f498bc3d194

SHA1
721b1f410585393ec4975f1eff6eb3fbd99a9ea0

SHA256
169c51a50150966921a98b203f72ed119fa639c97519917f213da70da9224a09

SHA512
a68cc7353a1dfd2623a49fd1afd393c73444508e8ed58d5a94ad872851a002c3d36f255bcc0d9e2d3d880394ec335bdfebc391a4069e9db07be648108daf2c2c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 923209.crdownload

Filesize
88KB

MD5
60a382d7be32bcab7dc9d710e5d6cf74

SHA1
ad1c1cb39b29a5d2960c63b454ee01d393f8ea87

SHA256
1ea832443b3f4847705b8a32ba9ed10af52e58df28d1124f1b86e136cb5a37a4

SHA512
32650862963840335f5dde90d9f482b8cfcf1c366313d47e5eefa214c51ec6925fda4b626739a9d9879541afa6dfccf5485cd3f6bbb14d2e405c63e567daa869

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 948641.crdownload

Filesize
6.8MB

MD5
7d0392f60d64a47e1599c93c1e351a7a

SHA1
8ca8b948ea67620ac9edc18805d64fcca3785d2f

SHA256
9a691f888ba0734f3129b2595ca494f73403f0a9fb7c594f1e8da81cad9bd58a

SHA512
c53a172be08cc4055f0da082925d6826472e30ff904a096c6672f43d1b428e5d4a9216f733d6166ec7d57ca3eeb9a93b442e0a4bbe77ab61a215d82af97042a8

Download Submit