hxxps://drive[.]google[.]com/file/d/1sOBJHhjrgzhoGuMOnrm_-Z_m89zwO4fG/view?usp=sharing

Resubmissions

10-11-2024 01:40

241110-b3vblawkhy 6

10-11-2024 01:31

241110-bxtswawfqr 6

10-11-2024 01:30

241110-bwz89szjal 6

Analysis

max time kernel
117s
max time network
124s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
10-11-2024 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1sOBJHhjrgzhoGuMOnrm_-Z_m89zwO4fG/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
64	drive.google.com
65	drive.google.com
66	drive.google.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241110014051.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\00f84b25-00d1-4244-96cb-2386352d2946.tmp	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 193866.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
996	msedge.exe
996	msedge.exe
4424	msedge.exe
4424	msedge.exe
1388	identity_helper.exe
1388	identity_helper.exe
5920	msedge.exe
3268	msedge.exe
3268	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4424 wrote to memory of 4060	4424	msedge.exe	81
PID 4424 wrote to memory of 4060	4424	msedge.exe	81
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 5100	4424	msedge.exe	82
PID 4424 wrote to memory of 996	4424	msedge.exe	83
PID 4424 wrote to memory of 996	4424	msedge.exe	83
PID 4424 wrote to memory of 3920	4424	msedge.exe	84
PID 4424 wrote to memory of 3920	4424	msedge.exe	84
PID 4424 wrote to memory of 3920	4424	msedge.exe	84
PID 4424 wrote to memory of 3920	4424	msedge.exe	84
PID 4424 wrote to memory of 3920	4424	msedge.exe	84
PID 4424 wrote to memory of 3920	4424	msedge.exe	84
PID 4424 wrote to memory of 3920	4424	msedge.exe	84
PID 4424 wrote to memory of 3920	4424	msedge.exe	84
PID 4424 wrote to memory of 3920	4424	msedge.exe	84
PID 4424 wrote to memory of 3920	4424	msedge.exe	84
PID 4424 wrote to memory of 3920	4424	msedge.exe	84
PID 4424 wrote to memory of 3920	4424	msedge.exe	84
PID 4424 wrote to memory of 3920	4424	msedge.exe	84
PID 4424 wrote to memory of 3920	4424	msedge.exe	84
PID 4424 wrote to memory of 3920	4424	msedge.exe	84
PID 4424 wrote to memory of 3920	4424	msedge.exe	84
PID 4424 wrote to memory of 3920	4424	msedge.exe	84
PID 4424 wrote to memory of 3920	4424	msedge.exe	84
PID 4424 wrote to memory of 3920	4424	msedge.exe	84
PID 4424 wrote to memory of 3920	4424	msedge.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1sOBJHhjrgzhoGuMOnrm_-Z_m89zwO4fG/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x124,0x134,0x7fffaa9546f8,0x7fffaa954708,0x7fffaa954718
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:2384
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff625105460,0x7ff625105470,0x7ff625105480
    3⤵
    PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4460 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6640 /prefetch:8
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1848 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7020 /prefetch:8
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7172 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7324 /prefetch:8
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=7312 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12196908920338320380,12595313830276492605,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8072 /prefetch:2
  2⤵
  PID:5096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
467bc167b06cdf2998f79460b98fa8f6

SHA1
a66fc2b411b31cb853195013d4677f4a2e5b6d11

SHA256
3b19522cb9ce73332fa1c357c6138b97b928545d38d162733eba68c8c5e604bd

SHA512
0eb63e6cacbec78b434d976fa2fb6fb44b1f9bc31001857c9bcb68c041bb52df30fbc7e1353f81d336b8a716821876fcacf3b32a107b16cec217c3d5d9621286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cc10dc6ba36bad31b4268762731a6c81

SHA1
9694d2aa8b119d674c27a1cfcaaf14ade8704e63

SHA256
d0d1f405097849f8203095f0d591e113145b1ce99df0545770138d772df4997f

SHA512
0ed193fdcc3f625221293bfd6af3132a5ce7d87138cd7df5e4b89353c89e237c1ff81920a2b17b7e0047f2cc8b2a976f667c7f12b0dcc273ddc3b4c8323b1b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4e60be38-a626-4e21-8ad8-beb6fbd201f9.tmp

Filesize
871B

MD5
8ec978c7017780f604812653ec7e113c

SHA1
a2a41faaba0df085695474d71a4d67aa24d265b3

SHA256
92b5ca95392a0526ffe6fd4bb1c5b9345b3626de7cefcf36f458c0e828287ebf

SHA512
2359c19c1edc5d24730ffdb461b3ffe04766c52eebe9d231bf13eec305891a37d2d148cc9e8f6b03d8abe8e5f62a5db9cc86b12ae8180d3d65fa36a8294f13e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
51KB

MD5
f61f0d4d0f968d5bba39a84c76277e1a

SHA1
aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

SHA256
57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

SHA512
6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
107KB

MD5
80b2d6dc17f365342a447aa431c78e19

SHA1
459a6fdbb7c98252933bc0dd27956417f4f91c67

SHA256
b9129985bfb98b4175b841e7e471577b7578954f365bc8758996ded553b20415

SHA512
d0e4495cf204f39b49527cc9f15f0983cd05ef3186f61da278fc1ebfe1d8123c0cd2c1b8ee64f2589ab8af440b030f12255c280b6b9a185b1514d6a97a32cd67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
72KB

MD5
84337f56a94d0038fefe02e498123e06

SHA1
49ff82b16c1c58198a5c67105e505ecd7ae59f23

SHA256
23bc0e615d61a1bd7ec00cdc05a7567e7c527238579636c80754ae565b41251b

SHA512
900e685070d99a70b6dd59f42ae81682395db748cd5cd7a94dd03c2479796b8b53c9acfa3fd4d1ee23c63e6676c87dadfbc6a02bcf67b57924b9ca724736cf04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
35KB

MD5
e900cb339792c61a3ed02f7c93d0ddfd

SHA1
76530c9e34114986f99b543d69c1d2576bd1f377

SHA256
a10d553e3a7a60fd5894031d8f57667a418a6ad6a43feb0af6166276775431f2

SHA512
6a8e3feebcd53172a0f5855c18e63055f1eaed7e261a8197ea0f9fb27fda4582ede7e572a78d84f3b2b4da13970c3d56cd4f4a0fa6b59b5df92b226f1b6a1f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
f132936a3b4e312d8a798fb28f52ea86

SHA1
35a775de534fb44b962ffd76f881c9cceed44d2a

SHA256
506cef3932955342d75aec75d440849a728dd2f720208751c29f5cdc034d323c

SHA512
adc519542f5b9d9e0343a24006f0c11f5952baab92ea7442a9a293682e73eb3a9a267c882a0e1ab8d945a895828a8b2fc8f5b1dad4bd1db56838f03fbc030efe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
f7a0f471c6a2baa6c60f87032378d9e4

SHA1
59e0612227e8901dea366367af5a6675340ec0bd

SHA256
e6fc7a8f664ddf2ae982fb10c63c15ddcc0bcab5b7452f32c06c0bedee6000f2

SHA512
fe659b9a005d113fdf97c4fa1292d7dff0b56d05ff54e56e756003ded1c43da5006a037c405377e9395d03dfad2c7cbc443c7dcdca76c29ff97f20a7765b581e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
ac2e1466f57893cbb1f86a10c4f20827

SHA1
b5d8798cfe736f9652babfe5a00cbb725471a555

SHA256
94ff167ce81895e2af12d9167513595a5fb901cee0cfe5d032e939d99f7cb44b

SHA512
c0d3139faaea4d86995886113153058e41e9403a2cbbc03a012040f8cbe95f799c783f9db83d602c0b61db594a027f8e9b9016446fa027c8ae28a5102db00931

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
39eaa48c70df106dbdbcd823199fe190

SHA1
b0492fe0da1aa17478c11f02dc385bcafd6fe8ea

SHA256
5a64e313b50c1b13359f05b56efc80a8db331f5e9c3394d1b99ea1a6ccac140a

SHA512
daca0d67a4551eb7f5a5c7b1226a632529e2a306f287144c4cdf05a07df533caf08e71792856a8c6eddb2d3062f0b9c23a9c382f9ab45b97632fb528dda2b5b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
8804b3f2b4fd4bf9e3bc433c85deefce

SHA1
37c068c42b83ffe0f667164f12cf01d6597902e2

SHA256
fabcda2b12a48f815229f7e48aca207e3002376c4e8cd893d7b1f2cff59d3fbd

SHA512
7fda6126c9065d3d10df6244d4673738822af8f3c2908806634fb61ba2c08b71e991258ab83a343f89a4c96d6b6a9cc9e53dc18d9dcc1cfc5171c3ba5bb72764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
84B

MD5
32b9dc9cc81d0682e78627c873fdd651

SHA1
46c486386d3e153c3e9b11d54cb52cf0064b71cf

SHA256
712196693e3527ac1131831f1a2108b6c0e5c68967b26d51a452611cdfb86e0c

SHA512
f18bc37f8b72411548da247aa1394cc5ac03c3bbd98e82eb8ba290ef239ef5b8625cf4835bd41ce7c52766d0bc3bfe9150dd22dbf62f0f05992ddde5fbfdc811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58a294.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d3267e3ef630b8be3bebf47cc36f1acc

SHA1
8623855584bcc34e1eac0affbce70599ea3280aa

SHA256
a7367d6f8dd7642b1aeb136e3e5f7d5f4f79e6afd0ccfd6974f0095722d314d5

SHA512
2426bf0cf0594dbc7bb08a51b702cefb991cb8b59b2d5799a1196a2add3430cbcbe5c89f846e2686e250c14c6e629c9e4fbfb1ad2a7252c728a70e2dbc39109f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
968a2b39f13f5ac5298386f82f4ed715

SHA1
47446e01897849f4f0e5f13e74f879ac29185ee4

SHA256
68f60a51fd64a16762cc4c8ecc1412c0a6ad4c6cc9194513863fd3b184b59d77

SHA512
3cbbd454d391f377693dacf134fd79429dcc64a2e424bb384a466fec11876bf0265a8074e96a4f6e6e1eff09f00397664684bb404ac12b2075185e900c8fc3b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
99ecf4f4b48fa6f7a146b326848b16b9

SHA1
0e0179fecc43ab9fb29fa6d0ac9571a09117b5ca

SHA256
b13373b60a5e10d2df11e01714ee2f80d3d41e1735e9488558df124093184aa4

SHA512
f7455b2b3ef387e8ea19d73b08a03a279cf2d5e6b930028a62a6c7a7a0cd60a1043927e3fdcac2893ccace6da3a84985aff28783ddee4dbc175e78db1ca2afc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aad0fa2b51a44a7a4791f3748c81df06

SHA1
64831c9fd4c12b8f559a89a44660a300583d6ec1

SHA256
bed097ca72e870b8b4d0b967fc3fda50692d23fc35df035ceeed4809196f1f0b

SHA512
6715d5f8a00412224cccfcea230c36e6ee9ab18a8162fb4f14985cb106248a8749bf5f1751bd7e9ba0b4003c4978214d371500281adc8fcd8cb273b60a7d47f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
75c80c094af9999e4bceccebc6777384

SHA1
a406c86e49010387172cde7b2852c5a816f688b7

SHA256
ad3284b0aa29f000fa6cb58e20d8fabc499b99eb735c30d6c265605baec3a11f

SHA512
cda65b69f2800bb12ed59d61bae8a85c390c4c96a75e9f3554ac532b9e5065abd5acde7b8ecce32b2c5cb20fc8416a25b928d826ee53ba483af2669273f3bf05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d5ceb02daf65e20b732088abd95bd25f

SHA1
1a8116762c271e1fb6359706d4687be75561ee6b

SHA256
e59b0380ed5703e4e56848ecdfaedb9ca7d0b065dd074e349bb9b8c43756b93a

SHA512
83103de5d875170796050a5b809a3c4cc33670a21d6db2f9370cf5251d7a947a83f0a5c57f7f61daaa2b8a795f3b48d24e1bc3729284df291bb203a794e23780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7f013421e69cba9c63c874852cd39252

SHA1
0137776990df2d5c41d5992545104d3a58ee0fa5

SHA256
9d81e540e5fe225ad41808af94045959ee51ba2882f6b3fc7d81fb74a9e058fd

SHA512
6f2d26dd2a3424a12f7e9cf5b32bb902ba5068053b29a31bc98758d911d8451bef7fb7b7db9cdeadb9a7ab313b3d79264505b5ae3b47be5b6b0bf1a5e5a321ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0862312ce9cfd84504397ddab038270f

SHA1
ae261fdd7c6bd120c004b1ae05855867ed06150a

SHA256
38fdfb136ea00064f6d07083818184cbced9aaffc2e50bcffe32c70041120535

SHA512
2e29135b7a2f338fa40679101763cf7185e61e0e8a3dc77a460accdbc9a1a22978921537fea27396ef09a19101c34b59d710960358718043832052170baf7c1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5bf7b9bb7393acce4b0b2246fb3638d3

SHA1
26394e4e7e07cc8a7c519735e30716b2055e1dba

SHA256
20307fce41c276b76b6983c7481e26fe34a7074613b37220268e6507be483de2

SHA512
6af8567c2efead6a3d1cd277781a0cc3816d49419c1f250a890b43475ca60958f99a33ff3eb381222be5cafe2f754ee90499bf29b874a6d4005df591ba55c34d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3b964859deef3a6f470b8021df49b34d

SHA1
62023dacf1e4019c9f204297c6be7e760f71a65d

SHA256
087debdcfba4666c03a5ea699e9bb31cf22ef4e0fad7c961cb0b500e5d262fb5

SHA512
c30b7e1b28820a5815b52634b46cb210c241704e33e41304400cb3ed29e82ec547a1068fc819350b368456bcabd27034afade5add3251dc74e4174f51b6c7adf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5c2d5c900312f44e72209416d45723cb

SHA1
68fb8909308589149399c3fb74605600833fbbc1

SHA256
56f7a77549e5fc45bd4b1f7c2db3e8b4bd1dd9234545207613a80342cee8e7d8

SHA512
07c2920cff7c1125e3a2fe66bf21d8606a1f2a3d36be2d8e136da0d2a21130242ac8324f18cedfb0040304cf804815861767c969a6923d8db851312bf9b4348b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4f50635de8e856cf0dfafa3bdcc2bc3d

SHA1
e4b7f66b9666ecd71b4321114e27866d1e49dcb1

SHA256
3087b8b267218e18e44094083e041cab131684246397ef7d9005d7ba7dc6bc1d

SHA512
01c45cf8661971bbc1a6b70406f5b89f01834a8d6a4bf2fe496c9487716fbbad3c43a0683fa6635241e5c086a6513839a916e6b4d11e3648a4f1a756a4cccac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
38becc7bdd03ec3e6b2d2b26760bad84

SHA1
47e7ada00a0c672bf6e1970048de3a83f103c93f

SHA256
75b9d3d7074758455ab1bd2dd22d0a73846ca0aa0314706ec6de86a581df7ce7

SHA512
7bb2d140584930efb77d108792aab751559c065ccabde2cfb53ed956b9dd7f7a52ccd6b4c8ac337ebb6be38e390f50e9e80d3626bcfa01f645f1f4f6cb0fc8ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
36aadd98ec949c5014cf565c2a860cd9

SHA1
75eab2c6ce5247149c30cf8e25cfd847126d4593

SHA256
4d8f0b7056ebbc0b4d8cd3d8e2e98bca61fade70153637689e7ab96b680a49e7

SHA512
e05f05160146d925936d79fa677b6c2a51793a75646c6c3e4de282d472245c1ba9965f51db62c4b078c3e5582d1a7ab8299a442cf5fbe99085541472f86c73ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
37B

MD5
661760f65468e15dd28c1fd21fb55e6d

SHA1
207638003735c9b113b1f47bb043cdcdbf4b0b5f

SHA256
0a5f22651f8fe6179e924a10a444b7c394c56e1ed6015d3fc336198252984c0e

SHA512
6454c5f69a2d7d7f0df4f066f539561c365bb6b14c466f282a99bf1116b72d757bef0bf03a0e0c68a7538a02a993fc070c52133ca2162c8496017053194f441c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
f6e264ae8da73553b56302e28a06fe2f

SHA1
c30614cfb4dbfa18635e6551fc046dbd9fbd85c7

SHA256
c5b08e256a9cfc91f9298ac4069d399a0c3263b5c66f045bc8a405613135909e

SHA512
c097f9965f16e0a194b0392225543a0a54f4e18afd2c076870af938ca1ab94f2aec7c43ef4c1e9e7328710c9909650422e003189b21c5d8285f3feae215998e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ed0de2dc6e87447d2dff1c5acc7c5bf5

SHA1
48f83d719b59bc88d2bd82df9994425482961a90

SHA256
99369a523ed1157ce3f5adabd2dd82aa27fa9a3b73df385b06d30f1d0489bead

SHA512
8b58276562dd3910757c6fcd4c57b77791787056d8d7e40926f28e48e75945f222596e335d527b55f95fa567464e6c7e655d8c386c932e4ee4289d9a73069ace

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5815f4.TMP

Filesize
871B

MD5
b1442a1baeb210b13f2f3f6d173ac632

SHA1
5162874d5b358043b46278e3cd919ccfc4c86f21

SHA256
68ad589adf762b9f58ba85074d378181b9653d76aa670ee4fafeb1220a742387

SHA512
011fdb2d3b2c4c73f133b41dbb57e3fc66a7671e7296f1063a94eeca5ea5a6a6cedf650f076aa70220372cdb1ad2964f1a7f473841b121bbc8a079b0b1c5072b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
969cc27ec4af1baf353c9e6f9a3e8744

SHA1
8233eb2f7733df12758ab835769c748f74909e35

SHA256
9640a13a22da0cc80e507b146cb5d2f2cd6b3d1f9379b0fb62b6e156d92da857

SHA512
3e066b442d1223291eb44462dd77d1d06b0375cd195de2ba5a74be1ec5067613c52b1ce824f22d9177c9934cf2b2f880e58132c3c0771f2cf0879b6c9699b514

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1c8704e82848f8173e1b021adc4d3fbc

SHA1
f097c0ceda76ac2c5ba6ec9835495789b1665c53

SHA256
9111dd884e499821ca57680bc01d2e685950f2199a577c4965dae36280fc3eb8

SHA512
9a29c5cbbf32c288e9800b968cb8bce0b31b476345f1424b8215475534e9284afadc4bfac1c36f4f5d50435b1b4c92e3aac7ceeb05a7e6be00d4bf43b84071fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
48b4c672dfcc81f96b0de937b0b51a9b

SHA1
ff5ef36b44fc721cb150482db0adbab95c50413c

SHA256
7029f51136e7dbd0cd469be79788f913bd6fd5d2f04f92a87db954496fcc7a0b

SHA512
c440680b0d1f3740c9604a732c2d0bbbce3f22177c8e2c07ca1f9ae435f469aa49e2642ddc576317c273c3224eab3f069600b1c0f3dd98928915de5b8c6e93cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
035d0ba8c98634917b649d14ffa5de43

SHA1
7b50ad2f0516ba345151cfbc2e77f2ef25ff8c8e

SHA256
ad33398c89b9615c97bf02238ded223b3a3c2ba27e79bda50157867c21568010

SHA512
e1a5815f27723e188ab34b1b192760a526158516b422f986649ce1fe84b716ee51348a6f9fb468d6118236a403222e4b68c2ebf9111bb252654e3cc171a9b1cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PnaclTranslationCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PnaclTranslationCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
d7129093492facf077467d972d9f6406

SHA1
7537dbc2ec24f6f20ffc247f1e9cf86182436747

SHA256
20d6b322091daa80545eb57fa2da2a08ea58e1e3329e7af2d4a7309f0cec0c69

SHA512
a5999f9463843a32c0d4c9fda1d929bcfea46d2078cd28d2899855bc6fe03d67ac57e6bd0c5cd4bbd75ffdf4740460f893bef164924ae81e8f20c251efe7db07

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
ec322078b93d989a37039df5599ab3c9

SHA1
08905fc37e06a23c8479dde8ab909008cfb01307

SHA256
7c09b57e3ce27234cf1ca143da0b7cfa350b60054cf28588b19d6436eab6a641

SHA512
d3a747c1e6c8bf353814d49c7c1e0b98762a7bb0fe2d882ef31215bb77b5261a1656a6590e4a9d0b00aee6912ea9e37912f77add62e19088fcb5e84a6feae111

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
dd237433c12b411b2ba3940305080b30

SHA1
a7bdfcb526bdad6fea53450c2436ba9da4a7b44e

SHA256
4a96298b3b1977aaafbc97a0c5c630db82156b1f1e9af3cfbfef34eb3acede2f

SHA512
a799b8b41ec66d16a3cd64ce713fe58294c05feac767b1910dfe1a89d4db806aef69951d102bca4a3948035b74291733a241e5ff8c0d388ed6a64bfad08da566

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
5KB

MD5
6d94b1ae1e38f237af895b366b6ce238

SHA1
9af01369d6d420ee1c36a0a8509fa02efedc7231

SHA256
3222c98d245bb623507a1c2ae5bf3007795fb41dbfef0b50abfd5d97b0e9243a

SHA512
2522bb5a8bda177c4e9bc8a67732f2468272a973c3db1e7941b68be5039436d1d0f6b51e709781375e884e90c84f8381ad74435cfe0617c16a92dad66aef3acb

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 193866.crdownload

Filesize
13.7MB

MD5
3bfa2f12cdea344b3b21ba4de3c0409e

SHA1
ca343b0dd7987250daffafb91360684aa4a37054

SHA256
cdbd585ff1f74aa6b3f8ab819872bdc781cef3c3cf4ded3f3c7c4c2769f4661c

SHA512
588b8292896ede0888f18893597e80849dd25476464020960b8cc396f9e82dc1df781f66c1694c1c67ac1f180beff98ee6dceef55e93742653e8a72e9333a699

Download Submit