hxxps://drive[.]google[.]com/file/d/1sOBJHhjrgzhoGuMOnrm_-Z_m89zwO4fG/view?usp=sharing

Resubmissions

10/11/2024, 01:40

241110-b3vblawkhy 6

10/11/2024, 01:31

241110-bxtswawfqr 6

10/11/2024, 01:30

241110-bwz89szjal 6

Analysis

max time kernel
410s
max time network
389s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
10/11/2024, 01:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1sOBJHhjrgzhoGuMOnrm_-Z_m89zwO4fG/view?usp=sharing

Score

6^/10

defense_evasion discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
3	drive.google.com
5	drive.google.com

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Copy of 222 (1).exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Copy of 222.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 750608.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Copy of 222 (1).exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Copy of 222.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 832407.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2652	msedge.exe
2652	msedge.exe
4696	msedge.exe
4696	msedge.exe
4564	identity_helper.exe
4564	identity_helper.exe
3176	msedge.exe
3176	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
4692	msedge.exe
4692	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4696	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe

Suspicious use of FindShellTrayWindow 57 IoCs

pid	Process
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4696	msedge.exe
4696	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4696 wrote to memory of 3804	4696	msedge.exe	79
PID 4696 wrote to memory of 3804	4696	msedge.exe	79
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2964	4696	msedge.exe	80
PID 4696 wrote to memory of 2652	4696	msedge.exe	81
PID 4696 wrote to memory of 2652	4696	msedge.exe	81
PID 4696 wrote to memory of 2700	4696	msedge.exe	82
PID 4696 wrote to memory of 2700	4696	msedge.exe	82
PID 4696 wrote to memory of 2700	4696	msedge.exe	82
PID 4696 wrote to memory of 2700	4696	msedge.exe	82
PID 4696 wrote to memory of 2700	4696	msedge.exe	82
PID 4696 wrote to memory of 2700	4696	msedge.exe	82
PID 4696 wrote to memory of 2700	4696	msedge.exe	82
PID 4696 wrote to memory of 2700	4696	msedge.exe	82
PID 4696 wrote to memory of 2700	4696	msedge.exe	82
PID 4696 wrote to memory of 2700	4696	msedge.exe	82
PID 4696 wrote to memory of 2700	4696	msedge.exe	82
PID 4696 wrote to memory of 2700	4696	msedge.exe	82
PID 4696 wrote to memory of 2700	4696	msedge.exe	82
PID 4696 wrote to memory of 2700	4696	msedge.exe	82
PID 4696 wrote to memory of 2700	4696	msedge.exe	82
PID 4696 wrote to memory of 2700	4696	msedge.exe	82
PID 4696 wrote to memory of 2700	4696	msedge.exe	82
PID 4696 wrote to memory of 2700	4696	msedge.exe	82
PID 4696 wrote to memory of 2700	4696	msedge.exe	82
PID 4696 wrote to memory of 2700	4696	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1sOBJHhjrgzhoGuMOnrm_-Z_m89zwO4fG/view?usp=sharing
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8fe0c3cb8,0x7ff8fe0c3cc8,0x7ff8fe0c3cd8
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3100 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6516 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6400 /prefetch:8
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6788 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,44597054856653530,10798625537127211805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7544 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1dc42a3d-4497-49cf-8712-7d1e3240e398.tmp

Filesize
10KB

MD5
5ce575f7372780eb86b026ae10414421

SHA1
bf372fba606d544a5ff340a68faf882bd9a65cc9

SHA256
e481a7eb6ef22cad704f1ce1286ff6dbac1a6b6e38685f1912d9eafd5942501a

SHA512
0d1d6583b8f6bd1789b98c55126d38d4c1a28f59db8f4b48baa325c22272a5b485c86375551e2c21fa6862a8977db4e2a14c810f877343928772410f3b47133e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1544690d41d950f9c1358068301cfb5

SHA1
ae3ff81363fcbe33c419e49cabef61fb6837bffa

SHA256
53d69c9cc3c8aaf2c8b58ea6a2aa47c49c9ec11167dd9414cd9f4192f9978724

SHA512
1e4f1fe2877f4f947d33490e65898752488e48de34d61e197e4448127d6b1926888de80b62349d5a88b96140eed0a5b952ef4dd7ca318689f76e12630c9029da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9314124f4f0ad9f845a0d7906fd8dfd8

SHA1
0d4f67fb1a11453551514f230941bdd7ef95693c

SHA256
cbd58fa358e4b1851c3da2d279023c29eba66fb4d438c6e87e7ce5169ffb910e

SHA512
87b9060ca4942974bd8f95b8998df7b2702a3f4aba88c53b2e3423a532a75407070368f813a5bbc0251864b4eae47e015274a839999514386d23c8a526d05d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
51KB

MD5
f61f0d4d0f968d5bba39a84c76277e1a

SHA1
aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

SHA256
57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

SHA512
6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
35KB

MD5
e900cb339792c61a3ed02f7c93d0ddfd

SHA1
76530c9e34114986f99b543d69c1d2576bd1f377

SHA256
a10d553e3a7a60fd5894031d8f57667a418a6ad6a43feb0af6166276775431f2

SHA512
6a8e3feebcd53172a0f5855c18e63055f1eaed7e261a8197ea0f9fb27fda4582ede7e572a78d84f3b2b4da13970c3d56cd4f4a0fa6b59b5df92b226f1b6a1f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
33KB

MD5
8d3c9ad0d2da7700f9f4025d78a020af

SHA1
850f31105791ca8120baf53e0c6e2407c2e46f92

SHA256
64bcc7f9c6d4b9ce6c38ecf0400da133c58afa82fc8c24ed1f87f27d7f215e26

SHA512
7ea30fb996929aa21a045b468bb098be755ba348b9339a82ca4b80644a002cc79015b4e664969458d03d936c692e0407520387e10a3d9d5bbd7cdd92986d895e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
13.7MB

MD5
3bfa2f12cdea344b3b21ba4de3c0409e

SHA1
ca343b0dd7987250daffafb91360684aa4a37054

SHA256
cdbd585ff1f74aa6b3f8ab819872bdc781cef3c3cf4ded3f3c7c4c2769f4661c

SHA512
588b8292896ede0888f18893597e80849dd25476464020960b8cc396f9e82dc1df781f66c1694c1c67ac1f180beff98ee6dceef55e93742653e8a72e9333a699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d0a73cd11e13ba6b07d710d8ea519445

SHA1
c3c515fb835f0cef7fd8d47b2ac79f936201a2e7

SHA256
cd55fc9f740793445ad8a80aab1f56740dead4c40cf728dd3e7a28651be85d9b

SHA512
1e444a7830cefea609a9c4ae541f0729ac93047b2c47f9851897c7df74216d909f4b67e223c12fac92022c9d370c635901ed3f5340788f2c0c20759931cc5028

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
1cb023f600add1a8bfd1c85ab16ef8ed

SHA1
f0326da93b6b5dc62fe220e76f4ab2d7ab3b3903

SHA256
a49de4b3c92ab889abc61e0975d6d09f8f454442ce9a3805a1016dcd1731d799

SHA512
3fc6abcc4779efef2c363da5a45ebed4d7fbcb4b2b6005338a9482b47c4fa5646f8b9cc755c9811ae17ca946918b9163572eb125a9f10589073e1390d51fafe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
13b574dc47a0c275772be5e7a7968e77

SHA1
6adaee8dd6a4e7ec55dc4cbb32f5c160a05fb462

SHA256
5fe8c46c94b3ee9636e839241fdc436daaf2abad0566a70e140f7171b74ac63d

SHA512
726a40a94be37198bb973e734d39a2c2f60e5a8cb8604ad20ab9470051173a67c2e944c6a7be1fdb6bfa684dd281259613569108f39f52377fe589763ea6ae1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f995f52f84680170b65b10ade342d878

SHA1
c45811a59eb34adbd479310d177607c6944b2c81

SHA256
4063fe33343081af3fdd384ba0457683a948ccc067cf94811931f30cee78579f

SHA512
ea61c58360cf6eeba9269c6d505e3324c45f2026fee94e4b37f0191359a26918439ec757900cbe72986561007aa558933c5b79449db5d24bb3eb994104392057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
37fee45d724be27b5bbd9284ea3d6b00

SHA1
12ecdba8d6bf1ef9f081e08976f2f15b8e18defd

SHA256
2e6cf7e9bcbdb913c553111d49b3aa9133fe26a93531d758bb4c7adce475f07c

SHA512
694d1bfcb69d3e467d5332289121456ec3df402ec148703442d8c07b442042a2831b647c23a1dcb598c5675852555b5d6fb8a6fff1ec07eb31bee3ddcb17a13b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
bad2228410ab7a17e72fd0c0204c552c

SHA1
7d5e02bf7a2658c0905f933e0def94b61abb0a7a

SHA256
60be7b8e6ba6830fe4fb495f3357e68e9b0678f6c7b592d16e12296a0e553ce8

SHA512
b3a2d66fbb414f0ffbb27df80ae92d1c3eef180f1321cb8862ffb097b3d61d3eca1d7ac0254a7c7c37758951629448f13b9a3a258ace63d57b0a38a75300c52d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
bfc26fb6e0d96c068a60394b2d03d879

SHA1
b972386c4aaec5c3c697429fe7fe6057754e5b07

SHA256
91f5f207f5af17f2ac8558742dd28d504068d0e2f9ca6598db9925814f182616

SHA512
a3d66cf7972bc4d5d9961970f79c8d880e469ea819195749d9203aa17d36c2877b4b1d263af8b536c90f3a5cf913fbe82a37d0161232e3c2b1896e3fc6d761be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
84B

MD5
32b9dc9cc81d0682e78627c873fdd651

SHA1
46c486386d3e153c3e9b11d54cb52cf0064b71cf

SHA256
712196693e3527ac1131831f1a2108b6c0e5c68967b26d51a452611cdfb86e0c

SHA512
f18bc37f8b72411548da247aa1394cc5ac03c3bbd98e82eb8ba290ef239ef5b8625cf4835bd41ce7c52766d0bc3bfe9150dd22dbf62f0f05992ddde5fbfdc811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
fa660659930a61a1294aeef76af719ab

SHA1
55b342a257c5e80ab7801a75d2883a9a58867305

SHA256
a126f8a69ee717cefb0ef0d52c6acf28cf957c75a9395f54f02543aa6bd87770

SHA512
f784e53f183cc9d22d07d79009219e5bb76ee7966eca1bd9e1eee429b94323fc7630d9c89bb0d04482944ced8de80bea9630e81f5ff51969602e5b712ccd2bda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
50c060a5fddf0f9bd32dc70f8f98a9aa

SHA1
8b656f2018362d66f18bb5e446f3a0a1b554f6ff

SHA256
68b6bcc5a6d2dc6d002c08d941164a43b802ee581210055d4e4aa2490ce12f24

SHA512
64fdb5fef25fd7adfa72e434e5fcae389f2256d33a4197349680ad76ee7ce79195ce9e224af21f05851c13688a6e3a726e56566adb1d04b6cd9fa944a9bf5a5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
96e6620f47b92432e70d2a521839d2fc

SHA1
fe680231a71f2aae2f21da0fc98a8bd6c524f65b

SHA256
5018170005dfb8657a992a30871865a05cc573388edde68d67419f5569fedf79

SHA512
4a94248aebfbe7994decddb496c091fb2d84b866b8aea3e087f54d6fcabf94bd55f2e7a0bc988901aa2757fe8f3814ef11eb2b8d88cdec255812c3bb4f81d2e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a68286546fbed98443061f6dba64530f

SHA1
b28ecffa315f9d2ebebe70cd66d6f7ba46839b0b

SHA256
f1dcf8017a3c32913b02abff29305c68ffa46e2f897f617820354bb407d4103e

SHA512
c4aa2c7e412fd9e31bab4e5ec067de119f2581a1497f24bcd7326e421c9ce947ce95cd98413823d590db437b9757470be65055ae8d2d5fe8864deac09bff0430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
05afb616aaa1c9fd1e9e351d187311c6

SHA1
a3d6a58c719cebe7972720a7be23d803fb13b61a

SHA256
efe04326001cc93170d3648f53aa1eb4f21409ab83fdf864ac2541c9ba22d00f

SHA512
ffc54de223bcb32fd0cb8f42991e533a0051e055587e2c599b4412594ba8be047180c28c04ec06fa2689a9be0ac282100b8baa168cc735480af1c9ba9da53f82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9986ed3bb8a5b91a4f3734c5d243838d

SHA1
3752d53d1e38a217a8c69859d3e09d763cb63f98

SHA256
f14b6f70951e753c7e7df1cd89ed048c87208e77e85dcb91c2f66828b8388207

SHA512
b1d1815eb8b76c0d7329b5e5ee99ba8ab11f814454d01ed00ffb838b1a6ce6231ad8b9e6de929e650354b66f9f7a4655ee3614f6f8929d46dc731b2701c64f4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1264e389d0786904ffefc5e9a7036053

SHA1
fa14c951e8ad4eef3bb04f5fb4fca15263874b4e

SHA256
badbc5ae248ae77e95bf737a58ff2a405c01725abde4a8a703a53b8fcce93ceb

SHA512
9f789bbad9a778e52a04f2f0fd0bd08af67d63c0e576e420ee04e194f4e7f611a3a25f5bcd429deebb0e2ef6afdc4cf4d64f4b87791c6c1b5803f0d2ea4b1fe3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
90dd9e85af0fc3ea1b8cc3426303f476

SHA1
114843f6cfa7eeb7f6fc3901e294e8bc22b44595

SHA256
965b0515a25d9d0b45905cb911f589a7145c272778bc6f659bceda8a2fdbf97d

SHA512
eaf489462a5066b9a10f4abede7aedcb412f243cd3b5c6ae6fb98bfef1f9a52d929ff818c587a369a2925e327d8ce4fef27c48495b33241560c5d946a2a083f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
481286af9021b825a7848a81332b9df3

SHA1
321e6ceb67fad0837f297c18ba59f4a5d5f7df4b

SHA256
b3628c0c251366f27e12486638a12e04cab961e505df66500c10690d4e681de8

SHA512
edc34ecee040de022d8b9ae7b32b26b60e10bc711b2d3f402cd662d5a46a90d57a1ae77a8606b8b086413a728acd88578c804a07922650b0c3aaa2e31deda794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8df07af9a27f2facc23051b8dbbe85fc

SHA1
10746d54645dc1099bf8366094e5284610ac7118

SHA256
5ef94ae7f91567bc436c7c37f25d979d68ce6f35c22949dafe1c3d5dbcfd9258

SHA512
ce8213efda7f1e6475ef84db6905068e8120f15a9b1cb406837dcfe938056a98eeda6851d95cf098500ed038111ce1a9eca1fd2ca476c6085a5275102bb64931

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1bf571a85bc218c48a94ae069390ea4d

SHA1
8c28c2beb0a246a879f83b7db8dc8c918c83a17c

SHA256
87f470d619c9d0514e10d23e3ebd21c025f7711aedd260f2c04cf89d11fe0cec

SHA512
e886bb67c434ec418a21be18e9e5dc019f1ab5feaaf795adf74c283dbac3d32a0ce729bb0851bdc714997b0b141314db92a8ac6a81377dcd24aceffa4e4b0712

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a86c2944959541ff5be723e51c45ca42

SHA1
583a8a69d9f560a7f089c185b886b3548e999560

SHA256
e88bcf2a885b21859597ba3ba16e680fe313a1465478d04b4e5ad43e23dac273

SHA512
c0bc53dd36c9b7e006983ccbd0e94c3887919af9f752872f578d0aba30d6233bc480133803b8baba9904a13b0614de1e4a99fe8dc5e3052fe105d63a10b0c53e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a1a86e0e8ead68a72e2b6cde2976eeaa

SHA1
2f6a6a73fdf03a4fd2437f987a350b8916837b89

SHA256
8ef05dc875f281e25433ed447c403275be1b0c1411a3696aee110817c56be53a

SHA512
c80a71c329f7cc860c3a6aed8c59ffa09a09436d1521e69b5f48ce507e8c8feff0b6f23f85f5ceeca95ab4bf2d466cb838fa54ba62b23305f46fedd4b0f4fe0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
37B

MD5
661760f65468e15dd28c1fd21fb55e6d

SHA1
207638003735c9b113b1f47bb043cdcdbf4b0b5f

SHA256
0a5f22651f8fe6179e924a10a444b7c394c56e1ed6015d3fc336198252984c0e

SHA512
6454c5f69a2d7d7f0df4f066f539561c365bb6b14c466f282a99bf1116b72d757bef0bf03a0e0c68a7538a02a993fc070c52133ca2162c8496017053194f441c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b6c9134b46805a8a2c4c6f6339d1e8d8

SHA1
73c073b39110bc76cc055993d63720b2dc646b62

SHA256
c45df77c431302821b11de79ff41b45ef85fa3defe8d873ea3e3135e8113fe74

SHA512
ed5780bdab24f384c37aee04b45b5a4f0720dacdaa0f92695766d9bccdfe33dcd2abcfe76f1cffa8fa771bb14b1e5e168dfa2fea3c33e3c1df2568f8504ff64f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
64a08206b14755dc8bd25724c2e174bc

SHA1
bd840acdb5df4b009eccd75b252fce163cab171c

SHA256
e1df398c328bec43cb8d2c74820dbd197e20c151294f2fc17a6cc2c3999af16c

SHA512
52d129dc49310058d841d30952a65ead30d07a7882e91637880da12e57b94afff184e85bec968d8d1a57166ff9cc2ecfa3a9055def5e54532604e8d2ad5884d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cd911957898c1909f5bbe3caee8a3198

SHA1
cce5f514482556c2741cca9f10d2e0463ff45fb2

SHA256
fa7ba81c73ca6c13058de735cd2dd60afd86a500c3518467c3f00cc960186806

SHA512
819310bf590e722faacadf790399e34fdfa5cacb225856c33b399fd627dd19942cb0f35fca0b52db823bfe0d9ee39922ea8e312bea66d53e0e21c2489a6e8c51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e5074a6635f497362a73351795d5c131

SHA1
787b7fbc5fdc2d3d9067bf75ce99a9c88c2b7bd9

SHA256
6a6a6e7280ef9159c8917171c8dd36aebea2bbdd452378f7f90600329647b7de

SHA512
f76ab84933f3997d14cbd8fa68b8cba7c02e7aa22b52af96987396512bf51bd6daa51bcf636db53fe82edd32e093e39250fe2c0c70768dc40993909c891fce1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7fe50e31d9b2cd232856ff3358bcbb6a

SHA1
d6ce7a9f36b771de5df339cb4ba4543a29305d1f

SHA256
fd6dab99f74e0d8fead27e3647444ff8dfeafb278d816e563afb2a32fd76337e

SHA512
b988f54dbcde06ca2921dc0e53ccbf3dbd5f923d76ed7f47280d74fb1f9d35540929138509653ed7f095eb6b66991e46a0c4e166ac185d6f27cf952057f8529e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
dfd3a9a70b369ff7124baa5382df44fa

SHA1
4f0844eef0f2ca7889a23d5bbddc1064ff7a3f6e

SHA256
cc283113ef334b1abad6ed0da53da9914186b78b795ff68a435bba0e96666e74

SHA512
35adbef72f74086d60dd1e700807c4d8a56a24e2d67fb1676f840497c50a4e99aa37ebf3dcf2dad17d5fcffd71f29f0eee4500b242088a1c2e1b87fecc72e193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f330a8472bb2551a4d4ab2a6c98dd618

SHA1
a838f8af7aa127a1a80f8e8fb2368f2474dfff64

SHA256
e111bd34a6dcec1e27b93728258857376065301f77b0ed10d463d904427fefc2

SHA512
0d67cc136142f16778d7c3686c2f7c778541f9cb899619c44c375c23de207b0aa2d836bae195aa4c91622d37c724a84037cf01c17130006036a1a454f20348a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
18bd10474bebcb712b97b7e3e21ca2d5

SHA1
16194fec32cb607a0cc67e2c31fa3272d0b465a9

SHA256
c23fcb0a9b6b926d53506ea080e7bc8cd9673846bf696082589df82bd4c3f729

SHA512
e8c852f30f51aa527f5506ebbff5b5091c9c38caf436ecba495b76e1dc40c9e5140c53746512accabd03c190e754ca0826579f127f718aa24641ce4cd6b689ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d5bf.TMP

Filesize
371B

MD5
e35d70ba8b2549ded86b2605d0ed3cf4

SHA1
3f9cf3d6a0fc14b5860f445bedc9bb56cbfda472

SHA256
c1a8876550dd7cf3110d297245ec14337f5fde404873dd952f68df0f0e2c9950

SHA512
45226afc37d2e222d71d829947e79ed14ca86c66a463868fff2d00821167e7aa3eab9448857a79c0806056adb6959b5393ba8cac24926441076d0254bb14e9e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
efe070124b1d195f1d7402aa69fc2b57

SHA1
66afcb7a49b0d83e47d66ed3543231a694a1e3e9

SHA256
ea0c6ae2181125ec698f5e7cd10c82a8ef8cccaf45837f64398a4baeed372f7c

SHA512
e78c117c086feab88437f8130c00907f18bfcf6e4a38ce9cafeae18b97872ed315869f0abbdea590b752d02db685625a288d3d4b8ee0979819047428ff12aa72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Copy of 222 (1).exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit