Analysis

  • max time kernel
    1008s
  • max time network
    1010s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26-11-2024 16:28

General

  • Target

    https://drive.google.com/drive/folders/15ZGOiDThXakdJERgwp77IHAPEh_WiCuZ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 34 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 36 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/15ZGOiDThXakdJERgwp77IHAPEh_WiCuZ
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1600
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3a5946f8,0x7ffa3a594708,0x7ffa3a594718
      2⤵
        PID:460
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17214510233719186709,14416191328696029089,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
        2⤵
          PID:3304
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,17214510233719186709,14416191328696029089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3128
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,17214510233719186709,14416191328696029089,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
          2⤵
            PID:4896
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17214510233719186709,14416191328696029089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
            2⤵
              PID:2832
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17214510233719186709,14416191328696029089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
              2⤵
                PID:1020
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17214510233719186709,14416191328696029089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
                2⤵
                  PID:1092
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17214510233719186709,14416191328696029089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
                  2⤵
                    PID:1376
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17214510233719186709,14416191328696029089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:776
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17214510233719186709,14416191328696029089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
                    2⤵
                      PID:2676
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17214510233719186709,14416191328696029089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
                      2⤵
                        PID:3564
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17214510233719186709,14416191328696029089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
                        2⤵
                          PID:1836
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17214510233719186709,14416191328696029089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
                          2⤵
                            PID:1560
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17214510233719186709,14416191328696029089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
                            2⤵
                              PID:3536
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17214510233719186709,14416191328696029089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
                              2⤵
                                PID:3024
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,17214510233719186709,14416191328696029089,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2288 /prefetch:8
                                2⤵
                                  PID:3816
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17214510233719186709,14416191328696029089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
                                  2⤵
                                    PID:4944
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,17214510233719186709,14416191328696029089,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4836 /prefetch:8
                                    2⤵
                                      PID:3704
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,17214510233719186709,14416191328696029089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:8
                                      2⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:3108
                                    • C:\Users\Admin\Downloads\ReShade_Setup_5.9.2.exe
                                      "C:\Users\Admin\Downloads\ReShade_Setup_5.9.2.exe"
                                      2⤵
                                      • Executes dropped EXE
                                      • Modifies registry class
                                      • Suspicious use of AdjustPrivilegeToken
                                      • Suspicious use of SetWindowsHookEx
                                      PID:4936
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17214510233719186709,14416191328696029089,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4860 /prefetch:2
                                      2⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:3228
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:232
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      1⤵
                                        PID:4828

Network

MITRE ATT&CK Enterprise v15

Downloads