snakebot | hxxps://file[.]pizza/squid/anchovies/shrimp/coriander

Analysis

max time kernel
597s
max time network
600s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 10:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://file.pizza/squid/anchovies/shrimp/coriander

Score

10^/10

snakebot snakebot

Malware Config

Signatures

SnakeBOT
SnakeBOT is a heavily obfuscated .NET downloader.
snakebot

Contains SnakeBOT related strings 1 IoCs

snakebot

resource	yara_rule
behavioral2/files/0x0008000000023299-703.dat	snakebot_strings

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2076	msedge.exe
2076	msedge.exe
3188	msedge.exe
3188	msedge.exe
4664	identity_helper.exe
4664	identity_helper.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4596	msedge.exe
4596	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: 33	3224	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3224	AUDIODG.EXE
Token: SeRestorePrivilege	4220	7zG.exe
Token: 35	4220	7zG.exe
Token: SeSecurityPrivilege	4220	7zG.exe
Token: SeSecurityPrivilege	4220	7zG.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
4220	7zG.exe
3188	msedge.exe
3188	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3188 wrote to memory of 2412	3188	msedge.exe	37
PID 3188 wrote to memory of 2412	3188	msedge.exe	37
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 4188	3188	msedge.exe	91
PID 3188 wrote to memory of 2076	3188	msedge.exe	89
PID 3188 wrote to memory of 2076	3188	msedge.exe	89
PID 3188 wrote to memory of 4196	3188	msedge.exe	90
PID 3188 wrote to memory of 4196	3188	msedge.exe	90
PID 3188 wrote to memory of 4196	3188	msedge.exe	90
PID 3188 wrote to memory of 4196	3188	msedge.exe	90
PID 3188 wrote to memory of 4196	3188	msedge.exe	90
PID 3188 wrote to memory of 4196	3188	msedge.exe	90
PID 3188 wrote to memory of 4196	3188	msedge.exe	90
PID 3188 wrote to memory of 4196	3188	msedge.exe	90
PID 3188 wrote to memory of 4196	3188	msedge.exe	90
PID 3188 wrote to memory of 4196	3188	msedge.exe	90
PID 3188 wrote to memory of 4196	3188	msedge.exe	90
PID 3188 wrote to memory of 4196	3188	msedge.exe	90
PID 3188 wrote to memory of 4196	3188	msedge.exe	90
PID 3188 wrote to memory of 4196	3188	msedge.exe	90
PID 3188 wrote to memory of 4196	3188	msedge.exe	90
PID 3188 wrote to memory of 4196	3188	msedge.exe	90
PID 3188 wrote to memory of 4196	3188	msedge.exe	90
PID 3188 wrote to memory of 4196	3188	msedge.exe	90
PID 3188 wrote to memory of 4196	3188	msedge.exe	90
PID 3188 wrote to memory of 4196	3188	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file.pizza/squid/anchovies/shrimp/coriander
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d9c746f8,0x7ff8d9c74708,0x7ff8d9c74718
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,8554007252697222111,14526897189795442328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,8554007252697222111,14526897189795442328,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8554007252697222111,14526897189795442328,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8554007252697222111,14526897189795442328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8554007252697222111,14526897189795442328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8554007252697222111,14526897189795442328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8554007252697222111,14526897189795442328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8554007252697222111,14526897189795442328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8554007252697222111,14526897189795442328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8554007252697222111,14526897189795442328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8554007252697222111,14526897189795442328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8554007252697222111,14526897189795442328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1316 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8554007252697222111,14526897189795442328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,8554007252697222111,14526897189795442328,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8554007252697222111,14526897189795442328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,8554007252697222111,14526897189795442328,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3432 /prefetch:8
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8554007252697222111,14526897189795442328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8554007252697222111,14526897189795442328,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5464 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,8554007252697222111,14526897189795442328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8554007252697222111,14526897189795442328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8554007252697222111,14526897189795442328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8554007252697222111,14526897189795442328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8554007252697222111,14526897189795442328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8554007252697222111,14526897189795442328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:1780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1952

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c0 0x3d4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3224

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3636

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\PL\" -spe -an -ai#7zMap16339:66:7zEvent10467
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
53KB

MD5
59f0c5d92aa66a8a5c30fcdc67707e4d

SHA1
86db2d166c4c16e06faa22defd8d47c742b51b74

SHA256
714dc354d00595120e01d20d44dbefbda94505a1cea42bfff57cbafb2aaffffe

SHA512
a9ab907b754a481d145557736806813dc426bd05d58d175b83e28cbce299c3a23b43bc5800d24d6967af43d738b7dea98546012e5596a657d1f2a48d348e7a71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
34KB

MD5
6f88ec2ad0393cb0b07cf099d1963d89

SHA1
d4936e7647dbf4af00478f6a4f39cbde7d40e468

SHA256
2fab39f89f11dfc7a173de8eddd5fc5a0ccc66b0bc911979663e2a7952d8edc6

SHA512
e3a31043e6384f418852b8405fbd8deb74ec83ce015eaebc88d7b5111c38fab8b18e37d48f24b82122ac734730a85e42f9c3af1fb858548daad079899ebec209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
55KB

MD5
07861ebd3d0ff645f6e9b1bdeefd0856

SHA1
78fba41944d4d1428ff343ac5e0c675bc0306316

SHA256
0a0738763e0d4d4af6da289fc26b48021d2bf821aaa021c8a0a8ce4b77949bbf

SHA512
47744839f9075a01a7c70e189754580c2d41cbb1bca882ef2b46212d61dbd14d2258c618af8305c8a2b7e2cb881e15a9a0cb6b36b523014625a5fce3700ebfba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
35KB

MD5
b0eb05d9223ab4732c35c100ec4047f1

SHA1
dcd31a72fecc74fdf50e9b4e9d1ce17f203ae2a3

SHA256
4de9d14ab9a5ce5f190af22ff2352fc85f1e7594aec08375e2e677b94f772ef4

SHA512
41fb52040f8269ef40eb17c8afb317495a99f44c0d8162e8948ac77302a9c92ce273e54d3e5aa1b56d935f33bbd80bb407a856f17b771ec3b81c3ba134f00126

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
240KB

MD5
3b3f0e2ddce8abb2fb70e5a4e46f80d4

SHA1
b7a71a18fb864047e76670d46887f8738e54ab16

SHA256
20cec9e7b91a58e9fcc45291aca26af169f85b69b8fbae7faa065046d00a91e0

SHA512
2c055bd298e6272a07df2c1245d96b5ca8aa2bc6b3a3c853ee8678436ccaf741957397d8a05e4370811e461deb86d596b2cbb9c01277fa50be41bd943e804f0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
13KB

MD5
9dd43ccb066e74e9661b0adaa271031b

SHA1
4b6e46fb971f6fdbb6906cbdba576b1dd49f7488

SHA256
f8f14160f52fc672e03d0a77b6238080f8c14a79ec0337a3ccd3956a1ea9ea1b

SHA512
26b34f9965e51e44cc7b113df3a032c0980958168ca9bba22508438a632302d144e4b6720b150d640c062a83b0d9389c1ca81cd17a4958ab3e1a7321b2e55751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
27KB

MD5
49ca7086a9c2e39113a245cbf8800adf

SHA1
78f0345249ed9caba309a5810c6632da4a9f2957

SHA256
39c0f4d55a07c8ded3179c3da7f5ea551732818ccd6e340f900c10fca38d2a9b

SHA512
4990eabbd88779aed6e1a7c106f5429b194f115755940b3011c9dd24ff5f43c421769b8c25f27790f6665e80b0ad7483000a4a9553e009e9e96a002aae114e3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
152KB

MD5
8aa38547fd8cb92efcac8134f81f3504

SHA1
6d539c26fb198c5a379155c9aa823dbdd8c80d16

SHA256
3ec3368a03d22b1cde5acb138c59bc05ffd0f1e49c6bd52370d7493b0b4a670b

SHA512
fa331e5545f04dbbd20e4c96796fcbbeb3ff01a330ff5d506623882e2378007924907433e567070fd29d927c3c569c045c5d25a105c451c2b65faeb719f9b137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
108KB

MD5
3286733d93d476f5e77785904fa48da3

SHA1
660d755b0634211deffe0dfe8ff46482ec34ab46

SHA256
6704edb66f3408f6c3f8355181260dccf94ad8ae1195a50e4fca9383608df25e

SHA512
846b1a2ec0b709677c1f5e8076c16303695a4bc5d5e8e830db2191e5dde770f0ea5c40661b6aab5210ca0a559b1488e38f39d9f326465c20056ac305a095cbb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
270KB

MD5
5575e116ed4cfc6dcf121e98464e6030

SHA1
2c81091c111cadf8dfe02b2e9dd0356ce63b543a

SHA256
432407a1abdc310819d1a09f948b62b2879e40629f2604e6f9283105d466b367

SHA512
5ac2556c39c33e02ef7ecb73e883187a57358e2679506f5d0d29bdcf376235c3c1463e66b108aa282290cacc1505a31f2598ef26c154bc961de28049fb6819a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
440KB

MD5
a3c42fe3cad586e6ac6ce3022f7889ee

SHA1
2ad6822b62818686050949df1f06ebfc5e951af7

SHA256
3548f851cf011076fbc3106053b2babae2d82a0389b4bb66aaec634740e18d2b

SHA512
57e38b4cfa8a018999ac93b506eb0ff928cb4707dff35b543f5618bf0217174e04813ed0a964bd74976af9f9d8822ce24186a7aa660536d21f11043599322170

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2a3e82cd38ce277d_0

Filesize
299B

MD5
3f333c8b1310777f1e1fb4c8aac57d09

SHA1
7ad84a8039b821f777a0bff7f6a1a35f0eec91ac

SHA256
f6fb35a9e75e24f20133d23f69e79091e93e274c5da75d1a268dc8b7e021d629

SHA512
4425f9bbad5df8fd7e11c5830c83537928d1dd7ce45f018df90296c7d8939d824b57f113b9f5bbc0ec313f2a7da33a6520744c07d4a113aeb87469e2505663dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\423a47fc3cc90056_0

Filesize
91KB

MD5
185bc47109afa2f05faf2c564cf31e3f

SHA1
c731fadc0675d3b7714ab379c8f98741dbf107c6

SHA256
aab7b82b771ce2ac4f9d0a20f2b281629cfc133695e93fca5cdffbdb1c9f5c23

SHA512
4226b302087a32be4da429c4f141800b51f4c3f4ae659d2a59379802c5b11985574dcaf26c956d24159b81272e643558340d55f83438ec1d4ea85d24d60aceae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9ae01db7bdde946e_0

Filesize
269B

MD5
1e47b64133a185f1fc90875be422c2c6

SHA1
e050fe385cbed8376ee9cf3f8a1f6618829d0ff6

SHA256
47e7b8c82676523333f2f08c527de66dba97305a79f8da042a3ba32a04a5fa0b

SHA512
d9c713349e5dcf6ff2a22693d2a008213fefe6baf198e42c6f2d10fa568e3fc9b3198c660c1dcb8d849c5fe4505f1d1166ce478c41e81a0c4975e58e61b2ab4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9ec62e1c43da66d7_0

Filesize
294B

MD5
ec2e9d590dd5f5c9fe3c3b300f4bd9f5

SHA1
9d3588db1508467537869c89b6038cfbe1b88c73

SHA256
d2f8cf19ad0da848203ef93a6e3445a8e758973824d079367c178e8a167d7c60

SHA512
d94167d6f76bbd835eabe55effb989a68f0e08a2c506d8e175c8b1d5a7636ce308b95724f8ab02cedbe6d6aca698ce820b7ea5e829889a1651a5f635babec98c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c87cc074efab12fa_0

Filesize
19KB

MD5
06bc1d181c6405e9ba53e5f2a3384600

SHA1
8de6c95fa7ad770f6d0821a3e6b3ca66c21655d6

SHA256
08aa9650c5ec06e2f8432481f28f6cb88819e5c4e73bfca1cc8926fcd31b74ad

SHA512
8436696cbc7c89e5639ff233cd6bb241f0445accb08c628dbba7cf0246b480f945c7c1f5eab16adda146d09c4e26c90b77c8606407c28b6f3277c29b75817ef8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e41c6bd337625fa9_0

Filesize
31KB

MD5
c831839c045a4ff02e0f77535265a09d

SHA1
fb87501a61684750975e96242879831c44e0aa50

SHA256
8f582e1db90db5ed192aa2a8e7d1c9d8e784b78e094316d1103677f9ff291e24

SHA512
ded762aa8947268a536a60c4b075ae541df692a181ae71cec3a4cf4afa5af8db859ea04fc693fcee668ed3cb26da9fba3d9fdff94c79722207af86d836dc3f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4a1c8ee47c7a6c5ae49c2896cb225d64

SHA1
5c08bccc24a39138d6b941eae7dba011adb04e9d

SHA256
f797ae1403e6237215e198d986b102504a2a487b8557e93233cdddf62be9fe7d

SHA512
629e11caa545aa659c512420f254264941d7550cf2d4e98f861e7c75568d681b05a20572f978c2033ab1502cabd197af8336e6233c28b71e823496a4a21a24cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
40aa045e73b80922ebab36d1a0db07fc

SHA1
7e137b0bd244ce6d10c7d4f4a19dc1154c3d15dc

SHA256
dd0df7370b5923dd17cdb4b54a5fc8288da8390b44c99d40d71c11d720bd594d

SHA512
b19a6d12743af5be367534bef0d5ba5f749d4f02b19e7598db41b8ec610ea4cc31c98979f2a732a01af170452a92ab7f92a111669b406ba34fe940ffeb6f9c7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1d3a67745835f2f2f8852cf946c9b51f

SHA1
2f55f2df94c75001a395d32e0d0efacc1cad4fea

SHA256
4194d454b2a7bc8aa9e34e669401ccc5c6054c5495551ed3b94f07372ca1d6cf

SHA512
97f130a57add70ce6976a103214d0a20a21e201ad09ad82d64b5fcb9af766e4c15109cc0906197efd3c6050bece0f3a84cc5772e220c029deb9394babcba4473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
3c05b1c44832c2a0fdf8e980fea70707

SHA1
bebc39b9c818e0dc419a7731dd34443457c57f0d

SHA256
92f00ffeffda7f61324dd343ca4e0fb26a889c8232b40ec905ebdd56389cc428

SHA512
056767a65d82743a8e5984d8a89b407bdc69d23b367ddad423b0943570519bda1007b88c6ab86967e000798eb3f1e0df98e7cc4ef518ca205a41a8b55ebd3a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e179a9c660199c2d352120f0f861e399

SHA1
4ba80fc734417a51f0cfe2b01979b93d974ccc22

SHA256
c4a6b0b7bf9d8e36997739f8ace24de953755018ffc5931e78e83c6d5388aac0

SHA512
62417432530daff4e7d15b88aaedde98da4811c4bb6ae9b5af9eb7d18bb503332b6ac3c86ea24ee72ced8be46f6f8910301ffcebb1fada54c4360aab4c50ce25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
77c1f8317123cdeb61f8c636301bd0e6

SHA1
42a9dbd80efc997a49abc4a370c0834d9cdded05

SHA256
383136c693ac6c426c27cc90fce2941b1927cb6ecdf54e4051f7eb6712300cc6

SHA512
ec109b87b10b61f832c829298385446e7f34537f0407237fc4ec96dfed04aef918315e17e4327d0c100a15701e5ad75819e3a7ceb57e3bc916087b364ba0ae66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
00fa116dd1034270c530356ed87950a9

SHA1
d89a7f3e4bdff6de82143cee2596652f7a1c00de

SHA256
0601d96ef026fcaebb7ed0d680934f9662bf0ba6af0bb2f1f20dd2fc53ca3ed6

SHA512
77fec9500e0fc2a6fbd96c0516b65d5614741a62d82a58c8f4a5bcdf0c279799116596c3369376a4b78980cda8150d018a91e5ecb6d8f931d421918abe9cf886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
46760c57361620754448dca727b269ef

SHA1
1e69417b7fa105a6d16148946a60a75bcfad4036

SHA256
5a3e8f8962a9c96d818271565595ee036e9ecd8e5a6da44ffd9cb00351bb3222

SHA512
bc679b30b11df9216ff6d1bb1aeb10a606c4990d8f688759e9b7d623681ac3278f0977cb95d8329553984bd1a50366434b053f6446015e57d6e32c798e81ff7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a5cc04e9c3f60ebcdbe5b267deeb1f06

SHA1
8dfdd27405f770033e4fe6e1d54016ce871c6bc0

SHA256
48db286da060610c23d79a0afd99a3f88c8de09d9ea4913d3c64ffd089116ded

SHA512
38bfb56902072e7150a70e142431903018baf1a47d2cd292d46bcdf2979277ca7fcaa767550bb8ec7a3dc15a118ab0fa6492c103c0eb560eae45153f7e3984ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e47c47658c53ed139fdfed2c82fc8ce9

SHA1
afde07f49dc368c3dd003e0555934f18a3f8bae4

SHA256
699e17cde22f6868630fd047ae8bc3d36e0f153fc22c3c42bb1dd9fe38c307ea

SHA512
7d363418129ed3ac9c00521d5544dccbb00c815e46d709af501bdc27b7d563779903feb82909472866c3ace60a5f7df57f60889b5ef488bb4add9ccc17243de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fc17a5291439b772448d3563e7566473

SHA1
5d1b68480424f8cdfa8a3db60417edd633350927

SHA256
595820f6431dadf194d203a07be9a1765f3e3569c72b4c802e85c7f6342a6f8d

SHA512
16847a05338a9d6a3a69e5cc81a4747b290c37078ba2a6cc5cf4f5a413699931e0aa5abeae89a2027852bc9cd10e8099c8c3b63e9cb52b4d2d5f91f392936288

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
373B

MD5
a0d316e59e081651f8b77e95e4ae850e

SHA1
d2f3f1ba5322f2110f37c66ad4bf6b0b1d5c202a

SHA256
7d22144cbaed52d8c2e266b2bce140e3e87039574593fee6b714c7f1f84ff574

SHA512
4b12b166c4dade5765793fe24973e4738af29b4e8f71455ce98ee2f4949e57170cc2afe0254f6aad7dc34d1e3002b94fdf38bef4321b136f8cc1ddd0704e7bc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
6b6e690e85bbdcca61590b62a2d85e43

SHA1
542d1d87ac1303f6d6370a4279d4d81a772c10eb

SHA256
93004a152d084b4039587bd82bcf0e93c6df66ed064070265e0307847a325855

SHA512
aa9c60c6caeed000aae413c199a7ad8cb9084238adbd9631e08ec89a94095187d3473ecd6932c3a378a0b12e601ab65f7cffb159f2801d135d3f8a494c4ce17b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
58d80d381eb8961fbf18a2243402d452

SHA1
db08aaa15450bbdd5dc3f19f3142a4c35b8df926

SHA256
a76c7ea247b717c73b583d34024f82713a475d09511e083fc24660cb7ce8e312

SHA512
d5b5806596b1eed7003de6f7927ed217d96b1cab9a36111e3e4cf662bc5b11e368900da61d77e51edcb499634bdc363fe2d108d8391b4bf3629e1d2707e33bc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
32e23ce2c06e8354cffc0916be1a5a13

SHA1
364078a7a6d499682605304ca91ee6b1c21dbc80

SHA256
5ee285362737544d3839d3254d910a9b3cb096c56d7e4196d952e3df08fda055

SHA512
cc3af34fb3217a5fd7e83f58ac52c2a7b443ffeeaa43744c8244f9eaa10db899a9aff1b5dc654ff930f516d656ad3cf3ed85e7b8d97df30429353f87c04fdd01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5e66513586bc601fd142767705431d31

SHA1
e36b4fa8025017b874c3ad24e712ca081d791220

SHA256
1d9571637a6354d7d8408a039d7b640bf826deee174d5edd3f02f8b93ccba1a5

SHA512
385befd1981a0c3ad15cbbe80c29d500bc8f1d9134eb12186f1475cb662be1ddd1191f4163f21651eb4a4d3e69616409635798b35b0c05758e71382558d36311

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2508e9e9149855bceee5d2a97f2ee145

SHA1
2a4aebc7f6a0fb0b6068065534df3bedcc7b84d1

SHA256
b39ec2b1ff0f021702a6915fcb1b407ab8f4cbeb79b38feaef4b90cfc6777756

SHA512
9fc149415bba62a46863b1e42ab81dcbf1e76f5cc6e99a7546d71c9026752324637ee39935475e6f74e0f8dc2cec74a42710a2d568881a3ad8e05b7cc2aa499d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5940750ad3723b344b7b412898d2323e

SHA1
420b6868e4856df396dd13582f9fb1eaca406141

SHA256
1d7e1e8544302c85c8a6d622561e72832a0ffb478f439e70c5f32a97c617cdcb

SHA512
75b0e444c52479ae926d2bd0a32b33f225c89689c86ad356123bc2df233452150f5608e8105544e2f1ce7f6421168fdfc01b4772ccbc05efaf74df0b6d7b2c9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
34b40a7c991d3b1e9dc67a9caec22b21

SHA1
6848f6b914fe0f11af1ecaaadc54d8cfb173481f

SHA256
ddb47c6fc0c6b4b4fa9a31ea7d711e8a878233b4b38e2d85d938c81abc390630

SHA512
fd824c502565f9093edd71e6bf4ed8fa12aca79048e4aa876acb9affa3d4c6027cffb3572dc8b5110b31b7951790ae024cc84d285623341309ba2739060223db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e9c6a210348e4d9ea757ec03ca3abf23

SHA1
90a33f5907146bec463b13c1f3e90f8ca055419d

SHA256
e81ae372022438080bcc3abb9ff170ca01304aa47e4807f7ae451c622b284ec9

SHA512
d171912b452f01f81d28754dde9e7d1a3cde76b2c8a8047a624388858d27157538b4b7516ae34bede125660785a4dbc62b42d01ff54884f8ccad3d09ddf0a490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
90394f837d314d205e9c348497e19122

SHA1
927c03c8f08b3ebd6d4bdfd11450e59536be9845

SHA256
c695b49d65d7ff7bc9c9cdd4aaf9c2820f49e20419592bcd80a47982924c9381

SHA512
25a55fe79c20dd310f5f23cad90940190ce126fe433ea7f0a1530035e04bd614e1d335c545d1603bf66ba74605aa1967cf9bd10bdaf44a733a2b9f400ba0223d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6e9d646b5778b6b3e80b1280d9082ef5

SHA1
3fa8ac5afa04b5d0601a013e48f20d9c1e9e034c

SHA256
9175a28bf7d3bf180489aba7516c720d8fd429517c0c2faa8837362bf975eccc

SHA512
702b615d167f4b6082c1af13fa3aa78a7bd5dd01ddd3ed2880678aa2c2d1c98931946adcf825dc8ad8c6a92eddc50212393c43d1fe9db3d683f1eaef047cb64a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
39684fd9c77fd5fe28428c7729f90f0a

SHA1
9f1fe49ba96f5df9aa53d7755cf262b6e95e898c

SHA256
998590a28bd95df2d36acdf3bc5d594700c25c657bb3b2cf7ed91e94fc248221

SHA512
b50b1409844d0805d1de2289a740c44bd570ae99fd22337975b95e61ae4bdc674752eb13a0b3bd179935c3a5c05edea062baeaca88226946f3caa415466d0c70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c39b1a05214616a2d68ee5b7be051802

SHA1
f5a7f1b18218e1ed6c93037b5185db413cf930b6

SHA256
0686d5973829d0222bce919cad2389bc0057603cc8efb96600a361442ffc82f8

SHA512
e35b4f2382d571bb3bdcca87ce261196bebc1e507c09f48798356027c49fcc63123cd1cb7addb79e5cce38757ad536263d5e7ab77acca5416962edf9ee9003aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
af8583ff6572e0c854f8042e5db0e7f0

SHA1
089b1255c3da8a14fc293636b643f22753426b4d

SHA256
af204ea7bbaab9a32ca64af6f0120be0d2311c7e2b2806008828f967efa7210e

SHA512
9fbc35d5f31459fbfa24044a81927445caf2b584d35678c470ec1678fbdbae13444a6dbbad98b79c065de243b775cf5fc36e1e39a0d1b107daec2cea8f4c68c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e763ff3e570e942110d6b4079b0bd595

SHA1
d88e72f0efe0ca101df92ff921b22eddc5e54d28

SHA256
ce3433356e7f991c2079d82cc837c8b8ed1c18d875d612af8558c2e8f89af461

SHA512
42dc7dc47baef77b1a21b77c9c6100067c9caaade9f178d4cf71c9856b7965fdbf290f2279f240fdcf844b6cffda8ef64a08d3827a4f6d3804fe5ad89ccd09a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a8154dcdccc29852528770a88d06103c

SHA1
0948124939a904b78e8ba8d8bc2c461b8ef8afc1

SHA256
a8fb4101f913d39a7e2a1b48f00b1333b02b5c4a749f9707328d8797e54635fe

SHA512
c03e3cc5c58bb5a0504992f2ef95a4c402a2092b91ec7124fef71303995e06587409acded41769997df5a27848f19fb06e3da987bd8cf2dbb4c2e63ba8baa323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b27181d2176af63ebee985dd843b5998

SHA1
93c9976cc8edf6a23c5a20edc8521d6e29b12e35

SHA256
6ca92fbb339d5db357220d160aa97de2156e65481bc58a1c591881dcfe644d40

SHA512
6b76c438d8448841481ff72a795b61050f9efe89c4024743e1366a5a8762963075d7901c272167d846235f4a414ad7b8e0d37bf45f756681679595a64654be04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c78b28ef8b2c89da21627b222b30ab49

SHA1
aebe4da9d3a5c2072c50c6fe8c2e702a7f9a99d6

SHA256
1df34a17dffc3c83bbaee7408bf4ee9e32521864bdf9eadcd27848b1125c5ec5

SHA512
1a30e327c4d87de5a935eec870a75d63977c97d6e4f6ae1a4ef1342c2d29bd05ce4bfd133009869d1111b07ba74e7f21967cf3e30358b6c59b67bf317ea9d694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c09494520b976af65b6305eed052dd4c

SHA1
99c8443a48c573d3bd878aacc0ccde18aa3a4408

SHA256
8e8c6dff1cf7023ba8e67ce0e3f36b99bfdf6eb20864fb4f437178bc0cdb74c7

SHA512
fd3692dc5b5febcd56a7d24cc371dcd0b9629ca4acdbbe90a581aeda99dfa6bc03331a127a05426dd3f9ab4948818de7bb73d88542eee70671a6d5db0496f00c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
19b2135d7d0e60732d46da6c84742046

SHA1
123ab16130cb28ec6a09eb01edb88ef197ebcc76

SHA256
caf90904a83d64940d81d8e098b05679b135f12adeec6277e6f9c129366cfbf3

SHA512
7849f71e37650a7fb80f0ec29e34497e02f5fdddbf496508e6ff6c72f57d8098882beec6eae1303e4bb2435c5ebe29d9da865b4df6a25bc8c97a0a53399e31ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d522e352fcc99967203f2050e801b0dc

SHA1
bb86af0c713358db1f8ab5d9ff6f1aaf1e2717b0

SHA256
ff9f070963e5d29612858937a58ff8aa4a5166034eac8b5fa7921df7a3e2f016

SHA512
1158274fbb52b377175919fa7f3d06d02ac9e103a606ac90cfafea9644ad67d26027ea59afe5224158c2f113bd0d6521c7ae75226514deb388da69ae54838fc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9868e9af48b87ca268b52c12009becf9

SHA1
0d1faee9ad8ccf1d44574918bc58dce4ba0d5677

SHA256
6aafc9b6c1f09e75fb37d896621fbdab9c8f18e59fdcd14a5fa50c3959e8a57d

SHA512
a50189df9babaef0b2de516fc1cb842b1d27aff052431c3e0cde4dcc260a2a617c870df7c89c3dce5c34782a3c7cced92beca09d843c195620b79d484dd56a92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
554157611b58d0f823a283b2f740aa27

SHA1
4761d995a64f133552db57b890ca9fe7c948a877

SHA256
1fd12169d55a556ebf1d456e4cfa067c49ff62e062b20936b680fb5b03260ada

SHA512
74d15573adc429d91cce25db464859f09e0eabbc609bcded3623c77acbff1a9bbe47a13fee1c12690f9bab20c88e9541612fa42c43605b80091cff2b27eb6488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1b9b356271bb7f892e2c84878ae30d27

SHA1
56632a01750266ab1de33667d2ec698357605cf0

SHA256
d0301d8eca887b4e029c9fe1b4a6563a5936be0d2930d43d04d9071ffb8a6054

SHA512
00da6ca271c27859adef2b7c3287beae4605ea7486a1a144ebca2b0d175ce90f698bb8c9ca17ae0354af7d9260d475c2c795d0c9ddb1fd7e0975768b22b8a5ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6bd07ee512cefe06f2b02ba2218c58e9

SHA1
d5fccc4dd8ec6264fa454cee341b2d3609b16602

SHA256
4ded360bb31de8338eb743b59403a546d0a61a958366c91966b5a0462fe00b43

SHA512
73d58c70b6bb970ac9f6c1d0219cb43e25c74eef6c163cf118b376d0c2cea7fe0406b26402a4f8ed8650b3811d3d87149843b2703460fcf3dd5cecf058068c2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b9ca98faf7f14d16705ab82a0b1323bf

SHA1
4c115adc8b4b2b49ae058a38536b2d75eddd81c3

SHA256
557ce19edf7c00b542137a5dff485a4f9a9079f4404a8bb07fdfae35e0a22e87

SHA512
9308c6e56b7da496a501d510feb6c14eb127d6a7e97eede56fac6077f23ce21a9e11ddeaf7a66757e2698cd815fca39604809fec5ab3cb40cb21cc0197f987e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3b7751256589386f488ba3ddefe9c793

SHA1
e2d1053ca1010cecf0bc63c04ccf218805a594c4

SHA256
c06aaaf7a07b28ab59b10978070e4e409947c7f8176b78c9f40c476dedbca534

SHA512
a6bbf418e599cd839412dce1f97f2ebc0ff3d73f8ba2d131ed10cc9b6e56f2f8e36809638ea3f98a53ec09d142fe6ee7923583b2d2bf2eecad30360888c55e4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7cede49200e1e623ff5ff18a1ff3c89b

SHA1
17306c1d732c3089c72ef7664ff6f96f7c6b3cb5

SHA256
81b548bb03a59b524f4f87993d387ff0cc1e8731422c22ae93c5ad144e7326c4

SHA512
7076564de78c86ab5c60b6ab3f2247a2abe5cf8b301fd7452ce1bc02766d27564da3e35b1b0834ccf15b4c225ce91d7f0cf5739a1aaa479f0088db6b32fc4b6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
003a7c266a3d5cf11ca5984804370236

SHA1
79692c10d81593caf563dd7e0c371f3c3b303b96

SHA256
7e9dc153a454fad9d8bef476c4cf8a5167ee462cc64269c89686320e66748523

SHA512
033a94a22a1d4b82b7aeddb5ea1b39846a779b41dde7428cd4c22b9d178b1f07f9ef01ece49374536f1aab2fdf4beb7c69afa4e44acca8d8760a49af28d8b659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
5291ba42f65448068a14b015e6eff488

SHA1
5dff5beb6d116a4241d411e41df40c37313ebecc

SHA256
edcabddd5318a399fc39317460527bab89f00d5c374aebe3651202091f4fb334

SHA512
372772cb6f90ea27a37102b40920b730a7e7d27385fd8a1aa606ac59528ea6b700cf3eaff818a7c5a0fd9f734bc6d421976e9e9d058be6ba81bfe40521c9cb7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
648062639cdb32a493425ebf140f4878

SHA1
235606497de71e3919f4de08aaa26dd86590c4af

SHA256
31eafe6ddb3388cf90fbdfb91f7071a36139713067a2619d75a7e38a098ee8c6

SHA512
827001c331c3ae9774d6f6ccffa12694aa1d6b003e7fcf049e98e99770ef4ee2099f6c90c7e5d9aca1f56c1a4ab795b95be69615a264b5dce0726e591bb69122

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6883f29c04f3f84ca25b6305e186d46d

SHA1
0e04fb092e87cf694c610a0a3e94533d1cf07283

SHA256
69142988d75fe5f4b6e23030dfd6e6e0b635c4ad547aef6c1713fd8327a62a15

SHA512
67a0720d75d96ee8b31f8f66a5c60cc146b6059164711d13e57190df7d24306749d35a32e619303fab726d21e4c217c0f5386d1ce7e132fefd49f1ab8d9d66b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58fe9f.TMP

Filesize
203B

MD5
42ac399bb6f97607dc2ed8637fa5b771

SHA1
ca1af2ef63ba9b8e246f24697e05282610df72a5

SHA256
a639b83cb566057e9c2adf566f9d4e115e016d6ef631e2b5af160909e53fa6dd

SHA512
411e80e31aee567c63958b54b61091d0239bb43e4a2fa33a61937ae03a8408508664bf46f27fc2748de4f5479a07657aa4eb451d968e726c87513cedc847e051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6826cf04d5ea14b4ba08975fcc1158cd

SHA1
36dbbf956d83b6e626aaa9a245da89a147456c09

SHA256
8b9e784cbac6787f1fd8b7fc95c2790193bdff1c9caf31a9bb36a0ee64ac4c0e

SHA512
4b8f2afeca23cef2d1fd8ff15d7131d36a7857285730aae709684aaa205ef5e6e3fc8acfe74e49e8abb537aff9a9e88fa2dbb6b7a011ba2bc6a1f36f66d7eafa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eb0c58b24ebb335f42f0bc31e10e2bce

SHA1
aee64e05d8fd29eaa6f2ee7e9749316e02852374

SHA256
94f5632e028ca823244be91133b2f49232cfb52d42f87f1b048383c592bf672d

SHA512
b1779cf1acd151ee935a9f20669c519579699533fceb369fea7611b9c49422b712b929e7bfb08b561f24a3bc5f63daa6de963e80ef30925c1da47aa55929256c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ae24e7dc8c6c37b30eb82441f5c18441

SHA1
cc55a737303201d939265bac3500e2c5e7179b1b

SHA256
ba6cef4c8b3a1025987a7231366b7ba8b779d07aec0cba3991ed592c835aa213

SHA512
5e5462f747cb2a0a53c91fb84debd0281bb905006ddf2666a32a6070049e72b36e08e098c7ca916ea3a7ddf35367fe7d4ed460bd3292bdf32134505887aca73a

Download Submit
C:\Users\Admin\Downloads\PL.rar

Filesize
169KB

MD5
941e8aab00518081502b5d53782ae36a

SHA1
96f53c03ad0b07f84b87a90964180faf5454d328

SHA256
64fd35c78062b821fbe32cde180dd48f428f8001ef1054d9c8d418575305dc8a

SHA512
2694271356974b3f7b636ea7f08c35152a0dff92b16ca0b3bea48ded640f914b0679cbf4ab0b0d322ef8e243e71acee993eed31a6f9a8da2b0f32059831e67e6

Download Submit
C:\Users\Admin\Downloads\PL\PL.txt

Filesize
3.4MB

MD5
edd2c9ac5d67fb43690f8895a2673e3f

SHA1
fc8a45cbe020b87f151aca031c8104dec581aaaf

SHA256
96e7a8b489fe36c670d85e3363a842ff495ff08f7889586e7294e6cd3ff1e6b3

SHA512
a594887858109e71c061ecf937817f8731e767bb4e6e04d27d3d50d473b3e78024a002f3a629e8b5f8391e5b4e210bfad207b5ca977e90f229880acb7e7c01b9

Download Submit