hxxps://www[.]mediafire[.]com/file/j7s5rlcr7k39h2r/paypal+hits[.]txt/file

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2024 08:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/j7s5rlcr7k39h2r/paypal+hits.txt/file

Score

5^/10

paypal discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand PAYPAL.
phishing paypal
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-940901362-3608833189-1915618603-1000\{9147FC92-F01B-476A-8FB5-DB3CC82384E2}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
2744	msedge.exe
2744	msedge.exe
2972	msedge.exe
2972	msedge.exe
1868	identity_helper.exe
1868	identity_helper.exe
3460	msedge.exe
3460	msedge.exe
6116	msedge.exe
6044	msedge.exe
6044	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 3836	2972	msedge.exe	83
PID 2972 wrote to memory of 3836	2972	msedge.exe	83
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 4856	2972	msedge.exe	84
PID 2972 wrote to memory of 2744	2972	msedge.exe	85
PID 2972 wrote to memory of 2744	2972	msedge.exe	85
PID 2972 wrote to memory of 4716	2972	msedge.exe	86
PID 2972 wrote to memory of 4716	2972	msedge.exe	86
PID 2972 wrote to memory of 4716	2972	msedge.exe	86
PID 2972 wrote to memory of 4716	2972	msedge.exe	86
PID 2972 wrote to memory of 4716	2972	msedge.exe	86
PID 2972 wrote to memory of 4716	2972	msedge.exe	86
PID 2972 wrote to memory of 4716	2972	msedge.exe	86
PID 2972 wrote to memory of 4716	2972	msedge.exe	86
PID 2972 wrote to memory of 4716	2972	msedge.exe	86
PID 2972 wrote to memory of 4716	2972	msedge.exe	86
PID 2972 wrote to memory of 4716	2972	msedge.exe	86
PID 2972 wrote to memory of 4716	2972	msedge.exe	86
PID 2972 wrote to memory of 4716	2972	msedge.exe	86
PID 2972 wrote to memory of 4716	2972	msedge.exe	86
PID 2972 wrote to memory of 4716	2972	msedge.exe	86
PID 2972 wrote to memory of 4716	2972	msedge.exe	86
PID 2972 wrote to memory of 4716	2972	msedge.exe	86
PID 2972 wrote to memory of 4716	2972	msedge.exe	86
PID 2972 wrote to memory of 4716	2972	msedge.exe	86
PID 2972 wrote to memory of 4716	2972	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.mediafire.com/file/j7s5rlcr7k39h2r/paypal+hits.txt/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8e3646f8,0x7ffd8e364708,0x7ffd8e364718
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6408 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6864 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:5372
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\paypal hits.txt
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7100 /prefetch:8
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7180 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7836 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2064374920614037928,14041413740284700186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1
  2⤵
  PID:4848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
27KB

MD5
3656c0ab8174be594b344ce73ca49cc0

SHA1
d05950ca3e1393b4b7627dab9b510083b2c30cbf

SHA256
15e3193621ecc8eeb98d734988e4e8677b437ff987597d2b43e1a7511fe7fee1

SHA512
d94b395913014ae6f931121596557f38c4ff4ea65c66fcf827d139938cdec90d920f31423d7a92e93f7f50ccd347aa7660ccb3b44f93ef3a282c113c8d740aaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
58KB

MD5
0cb69cf017b035984cf34440d92a9fa5

SHA1
a1e776e8f650c6b67edb6f9018538eaccfe8bf0d

SHA256
bba2f8b6133c2f4524b47f473396a792ed3759c4106c96cfdd55205e7a1f3c9a

SHA512
5e34f05e396e57a71fa51c4f4a921f1d61defcd9290fdebe6568f7dad17712eb471694851b1f4518cd8d777bd47125d7054a4db7448934b87e061633135435a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
24KB

MD5
b37a53936d7389f2a2e055ede0c3e5b2

SHA1
2afe81360be9872da3f6144927f4fab2141d9070

SHA256
eb4e27f9ccb1d9ced22f07b30aaaae2cf7c4f3f6968f9d2be4d75ae9ace68a34

SHA512
aff3a3d1096c5bda3ffdf6b7b64b9c65085c8866d5898f3af943a0a6237499a700800f122b867817ce9db637cd345a2cad66b97f4caacbbe93203dfd95c1679d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
217KB

MD5
88d2eafd56560e3934a946fb5bf0629a

SHA1
6cdd1d5654039475a0ef70f03e4deb5a8ca6bc88

SHA256
9131464b8d101ef3a2e9487279f761a68b3e5a40717f88cd200780c3392ac229

SHA512
19a4dd8af7923a835e039a142d2fe1eeef5ad66d44f87aaa57790c089f7a2e170be0be44f344a0cedadf827b26f8b44dd1c4f73e2d48d40c585fee7161b0c2f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d3eb2786fcc044df26c2ac7cbd2a2121

SHA1
eb92011bbb89bff2f90e4aed3f26a0f942fefb49

SHA256
3e8db7e798cac463b991c3eca26d915100e7e814a67a40f5e5902462e2e1e7b6

SHA512
5f7dd7ea20a72e74df6b848b1eedd90f9053c12bc5524a3997d6b025fd33abf86c80ab353d3538322c797904129d81bdafa4d1d543a5a0abee3067eebb56f769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
35f033d5eb155c78d9d0e4f47a879a8a

SHA1
6a74a884eb88a43758b25ce47708e5dea7a28d04

SHA256
ef45628be713e5c1cad1a974a7b78b9e4e1a8cc5e6f9db707e3426bf55f5fc18

SHA512
3f9f95830cb4bf94dfd1500a7069acc96f15ea2637b77d426ee15cfc25e8a282e2acc4bb91306d7b3cb49b9446f6e3b169edb56c9e994416cd1df995f6f0fcc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.paypal.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
e253f28529b33438747fc3b9dbe62afa

SHA1
14b8a44e8d1c8c4cb7a32101485b1f0681d3b161

SHA256
70defbff3468aed8b50279eb5db5961273e081d95ff1608f07babeb543a2fd5f

SHA512
82b69992ecee1424d2c21a1bb1e6aa25551cb599bffe33d990f1e372f7fe1ea3282518757498687f74cc7366871fb4a2bcfdc02bf58e9e55f34d98373ff91b6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
33f03bcdd9dff8540c3ae5c4658c1bfa

SHA1
cf3e987c73b4f54464a9366f5dbfa7d29d00e784

SHA256
67a8f862a9d7c50401d9ede67d58fcf52658c454f0dc7663333c61ad97d47ec3

SHA512
055cd8184e13f8fb8c36b076acfa6c3fd19340350024523e173be04e3e9155b4e56d853fc4a324dcd24f18fabed8821b29e4de481fa92796f82f38eaeeaaa25a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
10296d45532c58d6176562ccdbcf1294

SHA1
2e1070f2c6721e99758c139518548630c8999e9a

SHA256
8d2db5b4f6ca6d4b05c733e25e4568fcca8c754047c521aa94fc5de8c32be607

SHA512
223ca3dbea7ff7a284301d80930c0861aa0dd71477f7f2dd2f162a3cc88e67a376b226c684736b84f952ec73612c24eaeb7af76b34ea822bf895974a3167a31f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
be1f6d5a99285690b9a1f84d5bcb6776

SHA1
d7ca3a4b374e980a17b6ffa3b8f02a119f9712b2

SHA256
13063875c0b67d177e4d71093f68bbaab41733185b08ee022e39989a0a233edd

SHA512
ca6de4fc3dc00f7038d7a68199cf34f94610ef65d5e140e9c257ba19ed81e4b56da93881ac7ee5cf3114938cd4aeb0ae6fee84ec2f4437abdb47c9e33781b31f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
a3a2cb54abf68b6e3261b854683f823e

SHA1
37786bc6a55afc6ff9c06a77db927ebd7cc65fee

SHA256
2e99848ca62531022a923d04361faf9387689472ec2d629fb8bbd8698803c6a2

SHA512
50f305c6ad4fa9df50582ca62f8c30fa5b8c6bdd1956233524fa894635cb933db7e4d3f6ae83a38167e3923739a0ae2ccd9f1acfde623f99df8878dc9645c701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0d3676f07f535c1c387c25e64b7760ce

SHA1
6539f299b9e9641e1dd07a189b026deb3b851829

SHA256
39dea54cea6a38e9f9de4505d2da98f4713f97884bc99c4ccf5e3670815dbc4a

SHA512
733eacbd5633e9a89a1c0986168aa3c18c841be2cc1a0d47ea1c3f4c42884533ce43720d85d272171c1cc5e7b055c6a83beb8cb4c1817ab1c3e645ce27d4ffc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3bb07a116a80b93188aecbab6b1eaa40

SHA1
b79a04e210307067a97b4018aa453bb6ae1ca24e

SHA256
dc4dfab03b3281d8c2ace1bf0a28788b3f7d3094a85969796afa9c1d19e70c12

SHA512
6c98b921fd5499bdb056adf70cbf4f6b8e299b46dfd91f86d03bc23ad6f8ee5ebee01767c8365036c5897ad3c06733facb9dfc7f95bbd563a7cb140caf13cc46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0923eae36507a0d2b8284a521c77942a

SHA1
827d993423c450d3496df64bd89ab0a1e7306aac

SHA256
b282c26da9d5eac419eeb4401b2ed13eee2b5125bff071e29bec8b7de61c3f6a

SHA512
9f18b4c9babb9ccb34c2a74c179ebc70531bb5fa2dcbe35483ab9e06c4e7be147d8f80408f5871c0d96cdb3044d924556d13b86c59f5396c55f5eb3d972acd63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b8e647a2b441672254346f22ec603a63

SHA1
e71057ee1556b7457c9f4d93c9e4abac6f017343

SHA256
33f3e95cf6701a3a69c6cc397db5bd8efe5821c933801f741ec1efee451f9590

SHA512
fd3bcfd440adce77e89749e797b5696a567761785457e2d59f13d4a6174d23afdd5938c3d51cb63696463f1b73c7f7e417a0c43b1febdaf44e1add49b8cb9fb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
419412cf4cbe32f2456dcf77cacaf549

SHA1
bbf72612a786348150a4b4f7b90856fb72c2bf79

SHA256
5545c03bddc4009a546499e763dc49090ce0dcd69580f8bd9cc469a5f52b2eba

SHA512
f4121cf875973eba87ae672d63f0a61598c45ddc457cd6572ef151a44e1bb0a2345e8d79dd8289b51ce0770e646b149e3fd7d9e1c3536ef68241566b1ef9982b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
01617a9fed9a561cbdfa817b4268cf1b

SHA1
ea6eeac4c7937b45291f5ae22e24bedf4e2116d7

SHA256
f426e13e6998c0f286a4477d7e2abaae6e6cd8e8339c9284fe7ddc890f1ea71f

SHA512
87efb784f10a1c3922d7e0db6613ebbe4c21691214c959300c61af28c3fdfd737afd0264beb4ef94d41dc2a176f9411f55a69a0ab55400725a208c9b4ec40037

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7cf8e04e50f73f40a9221c9cae4d9bb0

SHA1
9fc43e4005adcc486459d87d0e9b55cc872bd4c4

SHA256
93948ec0ba8da6fe9b1b00ff6744a290f12227cdbffeef441860bd15374384ac

SHA512
d5ce99b001d66e4a318d1612ffc13045e06e4d786ca472ea691ec5d99238321b2ffdddf5364b132c79dd0d2f065e888f4676558e9eab6b3c13f687d7c97f3cbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2021eff2e66b84f3293a7e19c2904e84

SHA1
7de199d3fa99de245bf83df3aaa5bba022094324

SHA256
11b7c8c7b18131971cb989bcfca6b045ced55c6e342b7e822ea42456a97872bb

SHA512
eee529c5e0e2c6030925875f346d7ae280d2a9248add992a29e6b32647ff53871c1b6544c5a33246ef2c5ca3ff06d47c6c7d2e44969baeb3ce5ef99e2f891573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
156c8e4210999e1edfc0c65eb63891d7

SHA1
7d248fe978c08e88a1f8af396c10a0a31a93eb66

SHA256
53ce998a7264bd7bb2b950b3086eb8b15bffef9e60a00f68a9e4b26da3d4e543

SHA512
28006e7c5cc7719105d8bd9ac5b0a885faa88d554be3dc3bbdc864f5c88fe0d5935b845c002a821d23154cc502bed34959e00bb70ddce3cecafff14fc410646b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d4b07b8cf3bf7d5ce2d903f3130c8222

SHA1
44678ccd8130ad27ef92d48fd17fc3c37a585c97

SHA256
5433a8287e7a6863e226f9126ac08604dc792d509a5009b9dbbb1afcff26bfc4

SHA512
a882fbd54f2c78f2dd6d4dddfaa675143d9ec1301907fe4d7a9b4d34028bdab24982fdd90ddb97df3bf433b691c83947a26dfa942abc0f081925943af43a7f78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5829bb.TMP

Filesize
706B

MD5
45fc2f8f2e3fb87c1746687cdff3e01c

SHA1
7590344d1b967a3765bdc9fbe6b437f0c6ad7075

SHA256
3f6e0712ad00a332331851fb85cd4cb12c72214535806e20bcafe878cc8e16dd

SHA512
3b45b99504a3dcf9ba7b5572319aa8556a5d74b63d179db6faa10a3e41583901fe28576e993d3eedca440ce54dc1bfc2fb8e7abe80607966a1914e0a6483bdea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
67ed6aa99e05f7dfde88b08fb6b2fbdb

SHA1
2dadd9dd7d936b66319325a652a1f8cd74b811e1

SHA256
ac28868e356de0fc0b688881095cf66f41a5997bbcc5ab8c9107967bfbee572e

SHA512
08effa6f0d7bf84bfaf1914816693eae0d1c95e721cf89f2170d26b8b980e26b4e7e4cc8191b88c462d0ab6a53bbd05a86a558660ec2a53f9885e14e464b6ee5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8e2a636d3392f7c0a3a71377d91a198a

SHA1
3c0fb6b3d837d0ec28cc72aa9fedc823bf9273ef

SHA256
5b9e348c163e824f206027ccb4ca4ac9a2b7278607be844b49b2986b445872e3

SHA512
f0594de6d078396201733bdcbec0ace8fe7035dab551bdb5495a1288633ade4da58c07786119d9851a233aee6cde52fb8bc702a152ababd75092f4796435c3dc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\paypal hits.txt

Filesize
2KB

MD5
af7933df67e9e5dd2b8a6b6b11a91dc6

SHA1
25386d75b4285be2995d8cab2f72e6f1f32106db

SHA256
ba1801165b99dae8e5a68c17ddc62c4385181937137653c2d95080e7fec957bd

SHA512
b5f509b445ba3130a7b3f335492dbbc0af4875aa12e0aa603d62396b28c7c96a8a121d33924ec8d65e04f66348865810b732cc0650d0e826c30e726dd61126e3

Download Submit