hxxps://drive[.]google[.]com/file/d/1fwJdsnnK8CE52uB6ttf5BOyA6_zlBL57/view?usp=drive_link

Analysis

max time kernel
138s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
30-07-2024 17:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1fwJdsnnK8CE52uB6ttf5BOyA6_zlBL57/view?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
6	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2077438316-259605770-1264560426-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2077438316-259605770-1264560426-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2077438316-259605770-1264560426-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2077438316-259605770-1264560426-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2077438316-259605770-1264560426-1000\{FBA0B240-7D34-456A-AECE-817D4A66CC6D}	msedge.exe

Suspicious behavior: AddClipboardFormatListener 4 IoCs

pid	Process
4300	vlc.exe
2728	vlc.exe
4624	vlc.exe
3036	vlc.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4892	msedge.exe
4892	msedge.exe
4936	msedge.exe
4936	msedge.exe
3368	identity_helper.exe
3368	identity_helper.exe
3796	msedge.exe
3796	msedge.exe
1008	msedge.exe
1008	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4324	OpenWith.exe
4300	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
2728	vlc.exe
2728	vlc.exe
2728	vlc.exe
2728	vlc.exe
2728	vlc.exe
2728	vlc.exe
2728	vlc.exe
2728	vlc.exe
2728	vlc.exe
2728	vlc.exe
2728	vlc.exe
2728	vlc.exe
2728	vlc.exe
2728	vlc.exe
4624	vlc.exe
4624	vlc.exe
4624	vlc.exe

Suspicious use of SendNotifyMessage 54 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4300	vlc.exe
4300	vlc.exe
4300	vlc.exe
2728	vlc.exe
2728	vlc.exe
2728	vlc.exe
2728	vlc.exe
2728	vlc.exe
2728	vlc.exe
2728	vlc.exe
2728	vlc.exe
2728	vlc.exe
2728	vlc.exe
2728	vlc.exe
2728	vlc.exe
2728	vlc.exe
4624	vlc.exe
4624	vlc.exe
4624	vlc.exe
3036	vlc.exe
3036	vlc.exe
3036	vlc.exe

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
3164	OpenWith.exe
4844	OpenWith.exe
4324	OpenWith.exe
4324	OpenWith.exe
4324	OpenWith.exe
4324	OpenWith.exe
4324	OpenWith.exe
4324	OpenWith.exe
4324	OpenWith.exe
4324	OpenWith.exe
4324	OpenWith.exe
4324	OpenWith.exe
4324	OpenWith.exe
4324	OpenWith.exe
4324	OpenWith.exe
4324	OpenWith.exe
4324	OpenWith.exe
4300	vlc.exe
2728	vlc.exe
4624	vlc.exe
3036	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4936 wrote to memory of 4960	4936	msedge.exe	79
PID 4936 wrote to memory of 4960	4936	msedge.exe	79
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4452	4936	msedge.exe	80
PID 4936 wrote to memory of 4892	4936	msedge.exe	81
PID 4936 wrote to memory of 4892	4936	msedge.exe	81
PID 4936 wrote to memory of 3472	4936	msedge.exe	82
PID 4936 wrote to memory of 3472	4936	msedge.exe	82
PID 4936 wrote to memory of 3472	4936	msedge.exe	82
PID 4936 wrote to memory of 3472	4936	msedge.exe	82
PID 4936 wrote to memory of 3472	4936	msedge.exe	82
PID 4936 wrote to memory of 3472	4936	msedge.exe	82
PID 4936 wrote to memory of 3472	4936	msedge.exe	82
PID 4936 wrote to memory of 3472	4936	msedge.exe	82
PID 4936 wrote to memory of 3472	4936	msedge.exe	82
PID 4936 wrote to memory of 3472	4936	msedge.exe	82
PID 4936 wrote to memory of 3472	4936	msedge.exe	82
PID 4936 wrote to memory of 3472	4936	msedge.exe	82
PID 4936 wrote to memory of 3472	4936	msedge.exe	82
PID 4936 wrote to memory of 3472	4936	msedge.exe	82
PID 4936 wrote to memory of 3472	4936	msedge.exe	82
PID 4936 wrote to memory of 3472	4936	msedge.exe	82
PID 4936 wrote to memory of 3472	4936	msedge.exe	82
PID 4936 wrote to memory of 3472	4936	msedge.exe	82
PID 4936 wrote to memory of 3472	4936	msedge.exe	82
PID 4936 wrote to memory of 3472	4936	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1fwJdsnnK8CE52uB6ttf5BOyA6_zlBL57/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9fc9846f8,0x7ff9fc984708,0x7ff9fc984718
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6012 /prefetch:8
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1312 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=216 /prefetch:8
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6584 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\install.rar"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2728
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\install.rar"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,1173339563991218950,13622191324338156749,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2820

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3164

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4844

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4324
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\install.rar"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4300

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\install.rar"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54a5c07b53c4009779045b54c5fa2f4c

SHA1
efa045dbe55278511fcf72160b6dc1ff61ac85a0

SHA256
ff9aa521bb8c638f0703a5405919a7c195d42998bedc8e2000e67c97c9dbc39f

SHA512
0276c6f10bb7f7c3da16d7226b4c7a2ab96744f106d3fea448faf6b52c05880fe65780683df75cca621e3b6fff0bd04defb395035a6c4024bb359c17e32be493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d3901cd618f65d66fb0643258e3ef906

SHA1
c9b42868c9119173ff2b1f871eeef5fa487c04f6

SHA256
1f74c3d5f4d41c4d5358e63ad09f8cede236eb66957f9888f42abf98b238c086

SHA512
89c122ea72ae3f26c94e34040e0f0a856506c8490ba36fce371a731b3f0588407c6356cca2ebea37ac829a67c2b398e298a64d5a72712172f69071264ca58e98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
69KB

MD5
24a806fccb1d271a0e884e1897f2c1bc

SHA1
11bde7bb9cc39a5ef1bcddfc526f3083c9f2298a

SHA256
e83f90413d723b682d15972abeaaa71b9cead9b0c25bf8aac88485d4be46fb85

SHA512
33255665affcba0a0ada9cf3712ee237c92433a09cda894d63dd1384349e2159d0fe06fa09cca616668ef8fcbb8d0a73ef381d30702c20aad95fc5e9396101ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
41KB

MD5
2a8a0496c0022a0e67d77d3446340499

SHA1
ed76b29d574b4dbfa9e5dd3e21147148a310258e

SHA256
f348937ab6c6d9835af1f55e3f1d3c51197dc1c071630611ebc6d44834fc44e9

SHA512
d3767a8eafe019a15c2142d1160271ecc62f6e7d5623c0ae5fade269c8c9cf7de3b80678ed64bb9546bcf4d80fa66e11cacd19f2a7e295a6fec2a64ec8068c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
1.2MB

MD5
cb44cf0ca156d6ab31377cfe7890d57a

SHA1
cc4fcab140b21b7cd2d0a6e6b1a2c4a6dc85a576

SHA256
9356d5a06bdf7336497baf6f188ef8e4972d3c85d273b898e072bf7407c2be4a

SHA512
777585854946f566dd358eefd69cc3f41b0203a80708d8c9bb9d3b5458f4ada77b2cb8ccd8cae392fbad16f1f349623db063802f14175e4c6856aac874abc89e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
5bdf8a18720e10f680c8984b158579e6

SHA1
f9ab0c503018f20d4ecf1870105da095ef0b965c

SHA256
a33ebd017cec629b8c0814a5ade98c77c894ee03e18a4d4dc89d6629481dcd4a

SHA512
111c6d9eba21f1788b66ec4782d0e9ba089769ee304acaced46488fab4a83f448db299453469f445bab2a802dd2d2283c5bbccdba692d34194862db1ca472dc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
abbe8c22499fe9cd2beb88c4aa28341b

SHA1
c6403373bdb35ca43d63c5c9874f29fd620febfb

SHA256
25af2a3df3c175ae3a4a5e3d9d38ecb7168ebc86907488ff1263e9fdde457a9c

SHA512
d581febe06b5e36748d92078e5adc025904435d7d0f9d27ef08a85e672f341b5f90ee4a20a63356c12b604dcfbd6e779319325196130a8d32988f6d1e5d64679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
08044b24ae3c29b2429bfcc55ff24023

SHA1
572b3a488987c947ea1d32ee41a5d81b527609fc

SHA256
a41e852ea5a16889974dfb6230494a7224796004a4cdb43f9daae2770210d618

SHA512
cc748d4e47b21b2849b5b219af5a1b38fe68956ee4c1f27d2b7812c3e8ccec6efb6a1a4d3fe7a3d95c108ee3b80b81494c7d27985c4d88282a4a4b593fbc7f02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
2d082af8fdae4242fb238b348c6dc4b0

SHA1
7fd91b9a045256cc508d228fe928debf94ed39c4

SHA256
1eb123efea7ecf911f7aa55b77224cadb26e6879209f18ca88fb349308b53286

SHA512
ddabfac058141ab77aa659864a1778ab2f72a3645279f5252910b6f291cb603f6100fc1578f3acf7a3f670c36fcf34518f81af6325b8c07f206cc55f6f8dd41e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7a879bd7c87a80bbebdc691ccf2a1b5b

SHA1
34c227be514759db7815c15865f18d156d82fd3d

SHA256
063ee5f733b9f9c061e591648023edbe1e6377e27d929b6eec20a77c053cb817

SHA512
69ead1ab0fd20dc6eb3a2238d08c206cf4c17013d9816964343bb3c333c72efa3af019c25f876a1924aa1832127daa02d70afd4687d46aadab1034f014534e93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d0d9de0a39ee6f12aabf5ade628ad4da

SHA1
ae9c0bce7a5d1d9c28adc11384f41caf10dc0021

SHA256
19a2f9eff9cb5a4d3f9decff3e014fd85a4c4baf019dff43a4cc0e4b9f3292d5

SHA512
5dac805343ef08c7d92e103d4d749c68b11f94ddc1759bf41c61453fcef269047c5061f79112c2c6c3810773fc5f966896c446551eda9a97ce0c95ad993d4d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2947b20dac2d0b259f5dfff73be6f07c

SHA1
fc6340dcd7f256c59b9879e0071113a23df7769b

SHA256
8336a63ca95c9910538e88d897a12b4cdbc381f58be2aff5110fd8a039757031

SHA512
ddef2fa29ff4ecf4e0db74e975fc9c0fa84f32d6a4ae0e2886e90f8cfb0e82780120d9aa5a891a4b5cc7cd39ce530d7c7ed368140434f5a9fb37b127f45ef01f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fc3ec3641fb2461deef1d0cadd982314

SHA1
ea91304de2da91b04bcd5ae19c1d7dbfc4db50ea

SHA256
838b7a82d93a5f8e9e85cd10deee45c5a11d76c4679a0869caf1cac5f0b88896

SHA512
e92c2799434912a8ce8236c087bb57df24ae18338fc02a98b95a2049e8b80ec8c43ff7e05e61b60b4f252ad712135c54d97a6fc23ff8163a3bf8891b57688313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
88034c50bb08d99c5cd263971879c7b5

SHA1
641cfa9b70e0f530b9e2a25a814bc9301853c5b3

SHA256
0e3424c47951f66085470ad346d61ce4ba33ea62d5d4441ca82253fe1515c920

SHA512
2602cce10fde4ea62629e622ecd15cddc6593168b5081c17645a8e7b21c2334c4b09b39aba0c44f7c9cc62112925a411af1d93a785161464a79df7a274f4b7ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a8f3deee4f2068d80030d1de378b86f9

SHA1
835e094cf6503f0554806f4f9d27c22688060b6b

SHA256
0dcf4fb1b330ebb4bf813b2d1ff89ba7a308e6216fd6cf7df5fcce8cdc8c22f5

SHA512
6ee9995461847f415ccadabf2433d2e8deb212c54cca27318c881337747ba8d7cfbc433ced53e7adafb1eb4ea4c0a1a66c74beeab2d4e54369abe4a24c273e33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
eff497255c0f3228fdbd9385e9df0428

SHA1
69c1d893103dedc0b7090341d3263191eb1cfb66

SHA256
5b30ffd3f232ea0d7b128f60f5faab0313bde42a41c5eddf17407d4905960249

SHA512
fd58b1f5f6e5537d6e40819276d483218ca01026e96204acb90ce29138907aa27ed885405b093a9d0026da523946bfab8c44d42467be334d4b8a0cf69dd21e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
895399e934e689c70c4c1d54353584de

SHA1
d6339bb8343edfd5b22fda47b7a37be90662b643

SHA256
762bde8d50a78585b55c7cce822baeeb245e960d19c55929e17af44409afd667

SHA512
b3f6a4e648bb9f8bbd87350b8f24c475965c42ef20493f7819f0a4baa166d623ec3e195b221d1f0dda861a11e4fa7100a5f1166bae116b2f1362cd0936a2d891

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aca8f8b0cb4250b8a60b3bec338685e1

SHA1
d4f6df190e245f5e7b8b161703ccc5b00078bce5

SHA256
5fb54599cd5ff4cd40817221b06496b73c388a072884c860d3f7291cd9c40c83

SHA512
e06fbaa56ca88f7045b6b5e656a7abc66bc109d26043d85f899be9938e351a5e7603df0f3d8e92dbf0a6421b3fff207a1e651beb9e003115c4c28dd4c5921e9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58be79.TMP

Filesize
1KB

MD5
51e91de8e42d34526427d3de20d6eb71

SHA1
9f9675518398739b81c678061d7831827e70ddd0

SHA256
46ee9e74cb3891fa4d56141be3915a29f04391bc1eb992ca3661d15473e0852f

SHA512
ae8f97f19ab51c32ab8e583be7cf11439ac9a865cb40c954393b31682482fff78163ae5700dc896f372a8634ed737148a185f06b021d5a1e4f48f8f3ade889f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2e9f0871b59c6b233dd0a982c50836f3

SHA1
426e78a6dff658936b472c28531234e6aae8e484

SHA256
7651679cf1fdc6c0ed8ed2e5c6553fbf2fe78a65a9fb9f55faea7098a1b4959f

SHA512
239afe45330bb999ec325495d53895d57e9a25361e5598115723ec7d9d1a4e2ea1fd976f5b879668453db1712c2e9ea8df5a74033c794818641d2b6fca6d5885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ab0e19c523b9564415521b5f1a46d023

SHA1
b83bff865deabea404dbef12a65a7725c931d2b2

SHA256
ec9f0850305f8e88721805c8292caf38128fd2284feb84dddfcbd1b26bab9be1

SHA512
89666ede7841143f1502b2668277d48aca474de226a01bf462dcab07d9297700b523bff062876c2bfcc5cf3a57c0008b3f873d67bc1494d8338637363848f9ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1ff85285b9d320af99db9c0e1fa40617

SHA1
5a16b57ea5f7ef39348d804633812af030947db9

SHA256
7a5488c67e7cfc716a0fe91024ba1a78817aa8e6537bb593ff3c52899e37c8f9

SHA512
26cfe78d0b94a716cf000f2b510bb0f97a46b0f54af363e2050f8c96c735f33dc2ff151ab3d37b20f0295b0307a5839c9f20a1cf2a5c79b82b9d0fa8ddbf0345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e7dbd6ba7745fae73bf4d96c433fac2b

SHA1
01cc225aca89d6e8f836ba6bba41f9f52ecd749f

SHA256
3311842769ff7cfdd63f0aa7c12d407fa00bb68a179daa9b0f272c141ff9c7ab

SHA512
be7569588921eab305286b1ce5633f584bc34dc51b11234a5c48cb474538513ed5e272db338553ceb3dabe00d2386faa18e29d2fdb05d0c2ee16a0b3922463b0

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\ml.xspf

Filesize
304B

MD5
781602441469750c3219c8c38b515ed4

SHA1
e885acd1cbd0b897ebcedbb145bef1c330f80595

SHA256
81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

SHA512
2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
504B

MD5
6a320314e722ced036114daf8e077201

SHA1
3d3a6a37f3c6836c65aa93ab2e1abcfcf4405ef6

SHA256
a155fd48274646664f573990392b666dd4dbb3ae89f9208e10ca5a0bfdf542fa

SHA512
97220c3b7fb21385f6f852e7950e103f4706f6d0d67ed08622edd83f14eeee8b6e7145650036545618fba4ea0be9cca723963dff3a39cb9f36c115d4808d8ec1

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
729B

MD5
7b3b3bbac117ad296665216a2a72b06b

SHA1
245598f6695ac962803715184bbbb202bce81ff8

SHA256
7eaa015c592cb0bc80cf764f5c49a17951b0502d22ed8bd4b9d6cb0c1c62ad06

SHA512
1293560b4e9e13294f7efc3a2d5dd02acbc428399848d00172db6fb9bcc9435a72c5e17b9c1f5f85d80f7d9102495063f3968860383eb0d81b6e741b7f5f25e9

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlcrc

Filesize
94KB

MD5
7b37c4f352a44c8246bf685258f75045

SHA1
817dacb245334f10de0297e69c98b4c9470f083e

SHA256
ec45f6e952b43eddc214dba703cf7f31398f3c9f535aad37f42237c56b9b778e

SHA512
1e8d675b3c6c9ba257b616da268cac7f1c7a9db12ffb831ed5f8d43c0887d711c197ebc9daf735e3da9a0355bf21c2b29a2fb38a46482a2c5c8cd5628fea4c02

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 220972.crdownload

Filesize
448KB

MD5
4564a9a35d9e7e7883faa2ed3361e0e4

SHA1
79a611b96bc0cdab0bea30423814b4ad7245800c

SHA256
06ce088beb65731be6268934f89d44a00d386e517ad88f8e28a8968c0a43b7e0

SHA512
efcec8c64edc5e23a7d24610c4a7e7facd3c682eb42875bc0b19e95ffc3479749d044a78f274cbdabd4252a07ef3da567aabe995abf2f5790da139203075fa51

Download Submit
memory/2728-704-0x00007FF9FC3E0000-0x00007FF9FC696000-memory.dmp

Filesize
2.7MB

Download
memory/2728-702-0x00007FF618870000-0x00007FF618968000-memory.dmp

Filesize
992KB

Download
memory/2728-703-0x00007FF9FCA90000-0x00007FF9FCAC4000-memory.dmp

Filesize
208KB

Download
memory/2728-705-0x00007FF9E99E0000-0x00007FF9E9AEE000-memory.dmp

Filesize
1.1MB

Download
memory/3036-865-0x00007FFA00120000-0x00007FFA00154000-memory.dmp

Filesize
208KB

Download
memory/3036-866-0x00007FF9ED000000-0x00007FF9ED2B6000-memory.dmp

Filesize
2.7MB

Download
memory/3036-867-0x00007FF9EC970000-0x00007FF9ECA7E000-memory.dmp

Filesize
1.1MB

Download
memory/3036-864-0x00007FF618870000-0x00007FF618968000-memory.dmp

Filesize
992KB

Download
memory/4300-162-0x00007FFA00110000-0x00007FFA00127000-memory.dmp

Filesize
92KB

Download
memory/4300-175-0x00007FF9E7B00000-0x00007FF9E7B12000-memory.dmp

Filesize
72KB

Download
memory/4300-187-0x00007FF9FBD40000-0x00007FF9FBD74000-memory.dmp

Filesize
208KB

Download
memory/4300-188-0x00007FF9EA800000-0x00007FF9EAAB6000-memory.dmp

Filesize
2.7MB

Download
memory/4300-186-0x00007FF618870000-0x00007FF618968000-memory.dmp

Filesize
992KB

Download
memory/4300-167-0x00007FF9E8D90000-0x00007FF9E9E40000-memory.dmp

Filesize
16.7MB

Download
memory/4300-158-0x00007FF9EA800000-0x00007FF9EAAB6000-memory.dmp

Filesize
2.7MB

Download
memory/4300-168-0x00007FF9F6C50000-0x00007FF9F6C91000-memory.dmp

Filesize
260KB

Download
memory/4300-169-0x00007FF9FBF90000-0x00007FF9FBFB1000-memory.dmp

Filesize
132KB

Download
memory/4300-170-0x00007FF9FBE60000-0x00007FF9FBE78000-memory.dmp

Filesize
96KB

Download
memory/4300-171-0x00007FF9F9510000-0x00007FF9F9521000-memory.dmp

Filesize
68KB

Download
memory/4300-172-0x00007FF9F94F0000-0x00007FF9F9501000-memory.dmp

Filesize
68KB

Download
memory/4300-174-0x0000015C99810000-0x0000015C99923000-memory.dmp

Filesize
1.1MB

Download
memory/4300-189-0x00007FF9E8D90000-0x00007FF9E9E40000-memory.dmp

Filesize
16.7MB

Download
memory/4300-173-0x00007FF9F7620000-0x00007FF9F7631000-memory.dmp

Filesize
68KB

Download
memory/4300-159-0x00007FF9FE5D0000-0x00007FF9FE5E8000-memory.dmp

Filesize
96KB

Download
memory/4300-160-0x00007FF9FCF90000-0x00007FF9FCFA7000-memory.dmp

Filesize
92KB

Download
memory/4300-156-0x00007FF618870000-0x00007FF618968000-memory.dmp

Filesize
992KB

Download
memory/4300-157-0x00007FF9FBD40000-0x00007FF9FBD74000-memory.dmp

Filesize
208KB

Download
memory/4300-165-0x00007FF9FC290000-0x00007FF9FC2A1000-memory.dmp

Filesize
68KB

Download
memory/4300-164-0x00007FF9FC6E0000-0x00007FF9FC6FD000-memory.dmp

Filesize
116KB

Download
memory/4300-161-0x00007FF9FCBB0000-0x00007FF9FCBC1000-memory.dmp

Filesize
68KB

Download
memory/4300-166-0x00007FF9EABE0000-0x00007FF9EADEB000-memory.dmp

Filesize
2.0MB

Download
memory/4300-163-0x00007FF9FC830000-0x00007FF9FC841000-memory.dmp

Filesize
68KB

Download
memory/4624-719-0x00007FF9FCA90000-0x00007FF9FCAC4000-memory.dmp

Filesize
208KB

Download
memory/4624-721-0x00007FF9E99E0000-0x00007FF9E9AEE000-memory.dmp

Filesize
1.1MB

Download
memory/4624-720-0x00007FF9FC3E0000-0x00007FF9FC696000-memory.dmp

Filesize
2.7MB

Download
memory/4624-718-0x00007FF618870000-0x00007FF618968000-memory.dmp

Filesize
992KB

Download