hxxps://drive[.]google[.]com/drive/folders/1dFe-lxZFEujsIt1IYXpHmTfGVsENXh70

Analysis

max time kernel
892s
max time network
896s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
19-01-2025 03:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1dFe-lxZFEujsIt1IYXpHmTfGVsENXh70

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
2040	ProjectRecon Fortnite Builds Installer.exe
3288	ProjectRecon Fortnite Builds Installer.exe
4056	ProjectRecon Fortnite Builds Installer.exe

Loads dropped DLL 2 IoCs

pid	Process
4056	ProjectRecon Fortnite Builds Installer.exe
4056	ProjectRecon Fortnite Builds Installer.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
6	drive.google.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\45bb5d7c-a524-4c9e-b14b-5987f2251411.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250119032718.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 630364.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 619084.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2712	msedge.exe
2712	msedge.exe
4232	msedge.exe
4232	msedge.exe
4404	identity_helper.exe
4404	identity_helper.exe
4740	msedge.exe
4740	msedge.exe
1288	msedge.exe
1288	msedge.exe
560	msedge.exe
560	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4232 wrote to memory of 4748	4232	msedge.exe	82
PID 4232 wrote to memory of 4748	4232	msedge.exe	82
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 1772	4232	msedge.exe	83
PID 4232 wrote to memory of 2712	4232	msedge.exe	84
PID 4232 wrote to memory of 2712	4232	msedge.exe	84
PID 4232 wrote to memory of 1900	4232	msedge.exe	85
PID 4232 wrote to memory of 1900	4232	msedge.exe	85
PID 4232 wrote to memory of 1900	4232	msedge.exe	85
PID 4232 wrote to memory of 1900	4232	msedge.exe	85
PID 4232 wrote to memory of 1900	4232	msedge.exe	85
PID 4232 wrote to memory of 1900	4232	msedge.exe	85
PID 4232 wrote to memory of 1900	4232	msedge.exe	85
PID 4232 wrote to memory of 1900	4232	msedge.exe	85
PID 4232 wrote to memory of 1900	4232	msedge.exe	85
PID 4232 wrote to memory of 1900	4232	msedge.exe	85
PID 4232 wrote to memory of 1900	4232	msedge.exe	85
PID 4232 wrote to memory of 1900	4232	msedge.exe	85
PID 4232 wrote to memory of 1900	4232	msedge.exe	85
PID 4232 wrote to memory of 1900	4232	msedge.exe	85
PID 4232 wrote to memory of 1900	4232	msedge.exe	85
PID 4232 wrote to memory of 1900	4232	msedge.exe	85
PID 4232 wrote to memory of 1900	4232	msedge.exe	85
PID 4232 wrote to memory of 1900	4232	msedge.exe	85
PID 4232 wrote to memory of 1900	4232	msedge.exe	85
PID 4232 wrote to memory of 1900	4232	msedge.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1dFe-lxZFEujsIt1IYXpHmTfGVsENXh70
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff812ea46f8,0x7ff812ea4708,0x7ff812ea4718
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:3040
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff654415460,0x7ff654415470,0x7ff654415480
    3⤵
    PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2996 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6588 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6564 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6636 /prefetch:8
  2⤵
  PID:4928
- C:\Users\Admin\Downloads\ProjectRecon Fortnite Builds Installer.exe
  "C:\Users\Admin\Downloads\ProjectRecon Fortnite Builds Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=948 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7316 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6636 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3128174567219883448,13964471774600735930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1172 /prefetch:1
  2⤵
  PID:400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3436

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{7966B4D8-4FDC-4126-A10B-39A3209AD251}
1⤵
PID:4928

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1584

C:\Users\Admin\Downloads\ProjectRecon Fortnite Builds Installer.exe
"C:\Users\Admin\Downloads\ProjectRecon Fortnite Builds Installer.exe"
1⤵
- Executes dropped EXE
PID:3288

C:\Users\Admin\Downloads\ProjectRecon Fortnite Builds Installer.exe
"C:\Users\Admin\Downloads\ProjectRecon Fortnite Builds Installer.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/3jxny5jcej91v1k/ReconLauncher.exe/file
  2⤵
  PID:3428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff812ea46f8,0x7ff812ea4708,0x7ff812ea4718
    3⤵
    PID:4940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
17ce65d3b0632bb31c4021f255a373da

SHA1
a3e2a27a37e5c7aeeeb5d0d9d16ac8fa042d75da

SHA256
e7b5e89ba9616d4bac0ac851d64a5b8ea5952c9809f186fab5ce6a6606bce10a

SHA512
1915d9d337fef7073916a9a4853dc2cb239427386ce596afff8ab75d7e4c8b80f5132c05ebd3143176974dbeb0ded17313797274bc5868310c2d782aac5e965f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
63af7b2048710d6f167f35d94632a257

SHA1
812c8f140a72114add2f38cab52fd149ad8bdcfb

SHA256
15aafcc88226b6178e02a93858555ca48fb205ae317815ce31aa547555329046

SHA512
0519b7dcbce66aecefbd2aaea6120c0da213d8bb3e00a7599bf2e390bee3f643baf952cc553766f8c2779fe9fa303570a56a8c846c11e2fcf9c2075c1e41ccc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ced4aad7256ce749edd2ba28023150e4

SHA1
c825c10448eb3b94e532b3023ae199c925ab1602

SHA256
c4458e5a2c81ec9941dae0361a0fe791dd6b9cb26dc824259ab33f450d31bafa

SHA512
30d4cab4d89a467b9a0c9395e0d30095619800682586ee3616ae1c0f146b2beacf264245952bc7e9d5bb0fc14290cdb2dd6a00f4b9b8e28aa338fd98a9a365e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
32KB

MD5
e0536da7556991ea99d64e645cee9489

SHA1
b9a9f2efcff0aa2d0f1aed4eacd533590415d12f

SHA256
5c55c2ea75d6df79e1597010b13043cd0bd39b02289e5413c0182bc9bc20e561

SHA512
62761a11eeedfb4780b5c643dbc248c633b41d3046b9fbb5a3d2f8c89cc8ee0b12dde7ef7f78402aeeb3d59f6df71476b132e766aea5859daaf26f79d77c1b3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2144c420ca5ce3f7cab5b9a1eea56155

SHA1
eec54f104a457f178c911bd7cb4c3afe26abca2f

SHA256
43a6b12a0b51efb51c558fa370ebe2db2e230ec28f6436d9f911bf809a4eeef5

SHA512
f16dad32f560fbd0658cff54b20e8ea35b5928c27003504aa6c7d283cb94164e214b9fd2e460d59e27fcd8056183fd729128b0cddbd5e2186896ff86690fc4ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
b69ca1d9e7d70a76f2ead4f97dc4c5c3

SHA1
98f160dbcffcc8ca7fdcd3a7496979ef124b292d

SHA256
ceef084bceb246df83b3cc8dee5409743acde500772bc3c6a2f70ef7da742d06

SHA512
759e37c2c1c25e91f9e5be3572d111c46e5e2b46b35e5a9c035e04db79856a11d2db129634db3053e450cc508a3668738690091635f9f48825dd94824ce870ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
045d824876ec7a5ecc4f20eaed003156

SHA1
aa66b8bba6498b1b7f92bc8f1ea2a272a4597dd6

SHA256
9c05ab69e8850ddba86634b41baabdb6dceb4dbfe3d6c367387853b86d3cdc6a

SHA512
bf749108444e2832337f767a4f2146b28ae6dc10d017a2fe85262fdb59f75526e18f107f3dd4dc979d998e2bedfe36dd7432705ca2b0cdd7b089bc890495f38d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
992db816a0758d89e398e31db77e9d17

SHA1
9979ffae4f67a33ae92c3726a89acfbac0c7f152

SHA256
45c489088cf5a7d513dbd5a2363996158c368d3e049b4323b0f4919da06820cf

SHA512
d0fa0470b9b3efdc795b7940353e1a1436fe23e6e9679261f67fb0975fd54920b12a1d96dc4fde45ed263a7cb4aab2ef34f45d79c7e0f9a1edc272e95800fdb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
a27526077e77d17ee182bde1e26a99e7

SHA1
3759abab92fd9a591472a4d3061fb44100122d60

SHA256
baf370967c2e24da237a053ddfba18889934a3cca41ba13a429c51809545d726

SHA512
2ee12964d15a1cab99b90187fc9b60fc163fa3818bbb2b421ce45813638b00a83cb59ff809604667b4f263bcd97d376c6f775e62ffa17e7522224d31a0187f8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe588056.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bac66d8c657a1b79e0a408c861cdfde7

SHA1
82363029b76a229772939afe2894b8f257c5d7f5

SHA256
04fc2d8dd3be9d178b5a7a23f592acb6458ea9d5bde3b7d5280461ee60d9a450

SHA512
fff9786097d702275f476e9c5aee080009fc7b0dbada035c94892cb215ecace1cd5cbbf4c1280a343c704a899218951b39b3e0aba36b873ceff7973efabcf117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
37945e8a638c9a0164005cc1707ec259

SHA1
a12e680aff20dafbd8f52de0e08e886f33b7fda6

SHA256
fa652c9bb6e68a3a8fac9d3bbb926f064f8f5407f65eea7e198e1d8bd20b69d3

SHA512
5a458aa7faa3d1e3926c4cb05d43950512c395148c93f95883e8980e3ca645423291b4e9f158a5b8dd8c79bf1c896f345599fce9350ca7528576f2f41b0f5315

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
97bf47ef0dba8d66a02e5c58b2a14d36

SHA1
fd06ecf7a78c5eace9b973c3fd8f4ed3b8dbf088

SHA256
e6cdcc07adfb8024a98fc7b05bb8f39ec49aecdc45fd062a0e938900c1c0bf20

SHA512
d1e750f6e1d05833e717763758b25c34657c87b3238746fd385c8bcb9549beacb635966aaa5471819e365017baedcf69f409395d440733d973fd25e17fa1d910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
78160a48f074dcb0401d58f56e3badf2

SHA1
6574c0e9026f57278481a75690dd3eed0bf78690

SHA256
58bc1e37e899375744c3ae1a7c68af8c9d4fc586f7f19982fead420ccd420864

SHA512
9ac30fb02d76d5da1f8325412b65542bf92c846c9a80781622f8de28b7a487cdbe23e9ba885e792e400ae4da169ab05431a6092fe6c6c863bbda6ceaeb7a35e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9e67e823309b2d0a6f1954617949982b

SHA1
344dc3b66062a248c73fc96c45f1e52568815f18

SHA256
f784163ff5ded3f69cbe76a7f5002c3f57cea624e9bac3aecf08b56326f4b8d2

SHA512
8a6463d1fa1ed318fe0f8dd1d7877acd88b5dcf72b786e9a49d1ba9bbcfa96972a38dd42ed695b5b10e124c835f688832b22795316f5e65c0cc0a2f1f7f39205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
24be80be361b542884cfa3e948f0cbfc

SHA1
376d1a9a991dd17b3568c634d4162a0aa332c0e3

SHA256
cb209f276d9d79f9818e5e21466be6d9d51a8dfe20963c20ae72b1596ad98539

SHA512
8ab902b040c2d4cb412a9f1d1224c1118699fbd868592bd6675ec992ccceeeddd02b9ef49359a0ba92f7da368b38c987ca0f62ba80d09427c5ec07546993cb00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
70a0f0160f73e8617e0d5bbcbfa5fcb4

SHA1
0307730369e0289e729990eba51978f0627f8cb8

SHA256
7e2cf9797f1dc06c326612d40dd5397441b356fa3b362c8b887b89600d64d3f2

SHA512
91e68d1f0fa6ca526fc73cdbd3652e9961da5ccedc169b547584d6d4d68bf8670bb1d2471fc78c84c88bca6c4cd28b304fc58f0e95e4953f023293ac9c7a596d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8ce9223c188d869703b8122a411b41c7

SHA1
cc61a27b316b4de33fcc553395d43f5c28dc69ee

SHA256
7b22f86ad374bd9207c4100b5089e0c2003c0915ca0b50d9c8e099c07532a9f2

SHA512
f797ab7df550609766316e534a8b28de3f12c3e52d4351f543c4213ff72459fc21f4e728058eb3f4c473bf70198be5c56f6e5e32642bdda56b4c94d8509d5100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b8d5a6329bbc5edf31844f6bfa4ae972

SHA1
1014d91ea7a8867459e7014a725794728d75793d

SHA256
2d90e12869f60c869911a3030ea58211b6b0da7c53d396769f4b3dea0c406309

SHA512
d6b4a08d7188e48b3ec2dbaa78f1ccc23334f43266602c677ba5c52d54554ad02e5ffc32e852de47291e3f1291dfc34db62d4a1eb5f631aad0a0340d30e5f7ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
8ade2f3a82060e6d5b1e97b275213d86

SHA1
a13c13d850addf7c1c1d58c583255f77b40b7834

SHA256
fc73beb5ec396531d7267cd4980e720590ae4c7c34b6bc63bcceef59730d324d

SHA512
51d989a44462ffea680e4bd9b20c46705793236712d11f0400e12caaac3512d662a41b4b49e7e309c8e752dc7738eda080451b74736c6428541196dd7bb8ca98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4f298e7f274f007c836d7031e83f3a94

SHA1
03b505589c49d7534f28db66b4d7fd7a05e9a297

SHA256
f394ffb297f6e2b11dcb7736716f0c637c312c008b53adc2100f6b9f9dafd613

SHA512
f76064abe777e57f2008238903ce5db4c39d07768daa7063b7330e877c40f0895a4f6745bac196f9ca5b5469d4409d64641a5c0c5500246b025f366d417c01d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe591fa4.TMP

Filesize
48B

MD5
6ddba9d825bf97c7e26bdbfe38f14286

SHA1
d22cc3acf9bafc70dfde19184518de760205a397

SHA256
a96a95cfcb7865d05104d003387c15d90f7fbc31d804c2d5bebce5a9e23f7c05

SHA512
eac25dbb649ff0d5a2b15c8511db484d8f3f0b5e8a4ba75e3694630c9c954e19e309aa477824767fbce9fb65ca103c19f78a1cfc5039756787290b3a0e38d33c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
30676a873de6ab360f33e5426a40a3fd

SHA1
4dd26861e8b1934915e4a9a2ac73ca80e9d7f75e

SHA256
cab9bbbb45c0a22a03adc248722c13b78eadd0999ae286896fdda828f6154dc0

SHA512
6d1d5abc884599f5a0997c5af57ac07bec6cb282c3ea72e94a4a0156a7209b31410bf3f45883ecac1f393105b4f27d757a0319e7e6444f6be2999aff5ecd49ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b1aba2efeaa46cfbf728c9c131e20839

SHA1
2d78246f63945a27a0f3147bc0c7a2d4fe926d8f

SHA256
5b3cb4f08a5849cfdd02750252ec9a07f08f75d205222d69ff27fa2b7a29ab78

SHA512
c51ef95e9b37a2be27e2d9a47d3d3b9b6380008ed4641bd1340fa39bc6c4b4f4bd77636adeb62af983ae1008dd65b0e2bd89e63f11c465e75a32328a16f23d7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ef12182d20a695bc597f5a341f133a47

SHA1
a2e639190a611956aac4001139425c1d689db2e8

SHA256
0c3d9586f58cc14703e33eb1af50df9a0ff6dabcda0409cd7785f287e2be46a1

SHA512
9d72b73077b332eb093145a9a576269c9676d47c2d56753a3ee9fa03941340e4ee86a362d552a184c043e94a6799c8989a88ed11213e7be7e56621b7f589d5e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
18efeba9f27bcd69432c303fe0dad33a

SHA1
c73c0fe7671ccf21d9250730be0be65ed963d028

SHA256
46f3d5cfa679cdfa9146c30b6947e7b562eb48e2c7aa4d943a0ad98255104f17

SHA512
9d08007c40316eb17208212517c9b74f25413cbabae04f382e04b24682cb9a77d06d824bab5d118190434a781b840ac5e19064fffa20543996daf8192c0623dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587e72.TMP

Filesize
1KB

MD5
925dc2de4f2851b4f0444f7d2ebc0ff9

SHA1
88df5484f30996ed66a9b02380d3b20133623dde

SHA256
6eda4ed078f95477994c276a1953d1d1de1872ff4a4ded85dfd852b60a59e1e9

SHA512
56e37cba8d5201886ef73321521a69e686a59cb9bb874d0011764191c33cc13e0748ac55b4775e3e913247b5920c0aba54cfde2e5e1f00e52e92fdf9d9506ca5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
96e9694a09f70942ead54dc6b81eb1ee

SHA1
2d18708a6202089c91af31a0a5b4a52f69595a53

SHA256
83781505177c8f67694a294a0bb64413715f5004d4746d90fa8044bec63672c8

SHA512
dacffb14e313f66ced6b7b292f4a0bf836441b4e53a39ee238733dbe0da6bec8d387479379cb6932c9b30c3d4b66696003995bc056003d68f2977dd64d776b59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d23ca11ea5eb606f384a3b55697379f9

SHA1
f79fdeb82350e229ca2c3d39c966b6b57173c5b6

SHA256
a1e1327b28dd36c91a38fffd0165ac26b34d31a6d8185c245971278e50ff4f75

SHA512
19ecec742b157a64e2a2e464eb25bbd67754faaeb27b5d5340d3a3b04a2d924d850824c5cf21911826d07b8d90afa037274b80600d4d60b11f8ea17a016a6a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
3d5001163a88933385fd7e42c465b3cb

SHA1
32159cd77e6432650096e007d990a6d4161d5495

SHA256
85c6f200d3e074dc07b30717fcd4a78512f1bc2ac2bb8a4ea17205fe5ef9cae9

SHA512
1aebc9bf153ed1fd56190ba8789a6c300da419172ff9812e7bd24de48262ef75edcf31cbd9964e19aeb5998b1a3ea8f4b46ec70eb4aca710e8a3f48ac4a4ef28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
265987163d3a3cf594a19716a8201d98

SHA1
ccd15ca267c559dd45dbeefcdb2d3109f2a42a80

SHA256
40a0ac7677616ef28c9d3b7350b95b2632df8b40091972b134fb094ccb1c909e

SHA512
c4a10d7522cf1a2c276beddbee17608d31da5d3a35d9c7d121aa60ab4184b20978dba510ce2fceee310b42da9180f71e313cbcf082e98d616c190616a13f3e20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
75178f4c158147e5cd8342ead7f0fb31

SHA1
2b14b7297b3b822c11ed333b3e45b93fd5a362ed

SHA256
5b7758b0ea7be8c5b99a3a43983634be400fcee91aed30ce79481cc32073192c

SHA512
8e5f804e03390832ce793d082a88adbef97081051df0777e9571d67eeeeaa754cb4c7da3ac8153003b7c6b8b0601e872dcdaafcc218b7cd77e23c97051276b4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
217c505b89eaa8f9cff9d8de56baed8a

SHA1
67976a172e04ef58a4a967dfe4c031e838cdb10c

SHA256
7cf487126b4b75726cdb5e308c57a3dcbf1579dff8438c61afe8b99b90492b34

SHA512
2467f5f5be44f085cfee67bfd7d94bcaef422d429b5a27c6623af92a4e34481ad050ba760516a6273e8b8116ac1331a4f1cd2e79c61bbd90b9bc44e8ee657c41

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
fbc19a161745e4e1d0619bcb90fc4330

SHA1
df89fc90edda11249166429389ad9cb841220c4b

SHA256
4a08023441b57650473cb344b6133c770bd97e3262db46de21f541739690c9a5

SHA512
18dc7982b85ea1410a516da9fb39de9ff218cc5a88ffd1902a00b68ae3b61e0d0ea31d8f8ca76e36cb4baaf57b6385bdff2f58cf37f6cdabac7dd0bd068ed8aa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
fb4f964ef04eba88e0bda20a7a15ab75

SHA1
e610cad63258a23a95658a359e32c3d9013415c4

SHA256
7ab74e5ce97641b26f83ffc8d0aec4e41257fc393caa39c8fab9b27707637d36

SHA512
a9109523cb21bcbe244a489b20d6a95af357cc82356d122a93c864688fc92e35c51b302626974c82fa31d486d5fed6ff115c0ed08b33b4a45c8194db630fc987

Download Submit
C:\Users\Admin\Downloads\ProjectRecon Fortnite Builds Installer.runtimeconfig.json

Filesize
1KB

MD5
5b7e17cae875902139b780879ff8d5e0

SHA1
f003becddec13280f16c39aebf4c1b8730811ad7

SHA256
241035f6ad587e8938b92b5761df419a887199888635ff104534909737fdede9

SHA512
3a248c26f4aaafdaf5b657b1a1cd0b83d0933ecfe0fe52ee6e160adf6bc1268b5c4ab1cd54a6a7d59813f940d875a1d0316254414b1802a8fb85cd2086709757

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 619084.crdownload

Filesize
140KB

MD5
dee3d1a7a0ab281f762805412c571ce3

SHA1
8af852b069f70646e3717719a1a27d2d762ba21e

SHA256
a762bb7941bc8581c16af311bffc048ddca93bb8e7b45f9f3dea167354c9ba22

SHA512
daced7bf19a61d99238d2c81394477acee32eee4457a8e6e13c1fae5050e3206017078ef36b453e5ecf1ed46672a5e83726cd3c028abfcd9513de15722dd830c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 630364.crdownload

Filesize
32KB

MD5
e4416a230861b8ef7a21b2b52a9e6283

SHA1
83bacbbf56114316f7a1945651c0c03fc3379f1b

SHA256
22712263d7c62158dc5b9a49b5373ee5363c4d9eedf5ed0f1e62780dd7eeae2b

SHA512
cd61e99bd42f28a5e25c8f3f04fe52b90d7847a6f4fabee69a24c559486a88a7b2b90bc321e481c6f1a7c978e2b3eb5969fce033e89ff536c30b64408e96f50d

Download Submit