hxxps://www[.]mediafire[.]com/file/5kaecgptynkp426/Valoran-RXZS_External-Free[.]zip/file

Analysis

max time kernel
299s
max time network
300s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-08-2024 21:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/5kaecgptynkp426/Valoran-RXZS_External-Free.zip/file

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2652	msedge.exe
2652	msedge.exe
1220	msedge.exe
1220	msedge.exe
5672	identity_helper.exe
5672	identity_helper.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
216	msedge.exe
216	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	232	7zG.exe
Token: 35	232	7zG.exe
Token: SeSecurityPrivilege	232	7zG.exe
Token: SeSecurityPrivilege	232	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 2640	1220	msedge.exe	84
PID 1220 wrote to memory of 2640	1220	msedge.exe	84
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 752	1220	msedge.exe	85
PID 1220 wrote to memory of 2652	1220	msedge.exe	86
PID 1220 wrote to memory of 2652	1220	msedge.exe	86
PID 1220 wrote to memory of 692	1220	msedge.exe	87
PID 1220 wrote to memory of 692	1220	msedge.exe	87
PID 1220 wrote to memory of 692	1220	msedge.exe	87
PID 1220 wrote to memory of 692	1220	msedge.exe	87
PID 1220 wrote to memory of 692	1220	msedge.exe	87
PID 1220 wrote to memory of 692	1220	msedge.exe	87
PID 1220 wrote to memory of 692	1220	msedge.exe	87
PID 1220 wrote to memory of 692	1220	msedge.exe	87
PID 1220 wrote to memory of 692	1220	msedge.exe	87
PID 1220 wrote to memory of 692	1220	msedge.exe	87
PID 1220 wrote to memory of 692	1220	msedge.exe	87
PID 1220 wrote to memory of 692	1220	msedge.exe	87
PID 1220 wrote to memory of 692	1220	msedge.exe	87
PID 1220 wrote to memory of 692	1220	msedge.exe	87
PID 1220 wrote to memory of 692	1220	msedge.exe	87
PID 1220 wrote to memory of 692	1220	msedge.exe	87
PID 1220 wrote to memory of 692	1220	msedge.exe	87
PID 1220 wrote to memory of 692	1220	msedge.exe	87
PID 1220 wrote to memory of 692	1220	msedge.exe	87
PID 1220 wrote to memory of 692	1220	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/5kaecgptynkp426/Valoran-RXZS_External-Free.zip/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8d7d46f8,0x7ffd8d7d4708,0x7ffd8d7d4718
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,4118614153100808162,12900855428418949115,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,4118614153100808162,12900855428418949115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,4118614153100808162,12900855428418949115,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4118614153100808162,12900855428418949115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4118614153100808162,12900855428418949115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4118614153100808162,12900855428418949115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4118614153100808162,12900855428418949115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2000,4118614153100808162,12900855428418949115,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4118614153100808162,12900855428418949115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4118614153100808162,12900855428418949115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4118614153100808162,12900855428418949115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4118614153100808162,12900855428418949115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4118614153100808162,12900855428418949115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4118614153100808162,12900855428418949115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4118614153100808162,12900855428418949115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4118614153100808162,12900855428418949115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,4118614153100808162,12900855428418949115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7832 /prefetch:8
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,4118614153100808162,12900855428418949115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7832 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4118614153100808162,12900855428418949115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4118614153100808162,12900855428418949115,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4118614153100808162,12900855428418949115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4118614153100808162,12900855428418949115,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4118614153100808162,12900855428418949115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,4118614153100808162,12900855428418949115,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5704 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4118614153100808162,12900855428418949115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8080 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,4118614153100808162,12900855428418949115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4540

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2492

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Valoran-RXZS External-Free\" -ad -an -ai#7zMap12880:114:7zEvent22537
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:232

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Valoran-RXZS External-Free\Valoran-RXZS External-Free\HOW TO RUN.txt
1⤵
PID:3412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6e588e5e-1852-498d-989f-4f47bc13eb05.tmp

Filesize
3KB

MD5
c7a62f494c3552bd10a2853338c13230

SHA1
7c9a449700e39f6c588c07d36189eaa7722dd35a

SHA256
9552ff6d081e08007b66212274ca5b47b4c6573b66498b462bb40b18bfc9dfc5

SHA512
8ca244d5e7337f085c8124f1c3bd180df32e4c23762c476dbd419ba5684e4cf75af0c1b7c19bb2bb9e59ab2da5a4f174ddcf1bec145131805dd36669c77ff3b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
63KB

MD5
7ddbde8dabe31eadf6b216954bb6cc8b

SHA1
effaaa96e8fd4813865b60af30e98b92170a4aa8

SHA256
c4d9638bebfdc9d06bd1aeb8d771434ee59e79806d55a08471630c06792566e3

SHA512
044828c2efe09651fbd05d6d8beabe196168523f1596b01509f785dc368039555f8094b546d3da4ec5fbe37bc026fee4dfdb867d54328b01e2fa9dc305f30d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
20KB

MD5
9708e5224c10eb91f435950128a72070

SHA1
cc66f87dad487f1db80dc78942a7016d26725ae9

SHA256
834c60d1648bb2b2c84ab278eb0690ffdbd6f9dfa393d561eb38aa026dbdef8d

SHA512
8a7a126e028f6def7f03d4fc69831c2bccabebc48b7d97b816eb263a817934b8db1beb9baf1763ec7421640ef594e0a7fb65ef21cbfdadd90c3c88332f4022c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
20KB

MD5
dd62255c6e72b80ce88a440481d3d22f

SHA1
17758b8673c033ecf7c194e5d1190bbf9516c825

SHA256
16921001068e64b8ac9935d54eaa1dca108647370c5987443732ecd4f0f56249

SHA512
19cb0414fa378f59229d6296a4165e3a073fb6c6b812969c7015d3f73e7738c70893346740396986c6148ca1fcd5e7a8021aed775c808eb67ee9d1b301f0ee76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\186601ea10b1bd09_0

Filesize
276KB

MD5
44c2f46cf5c7a02bfdaf7ae872c162a8

SHA1
52ac60b0596a287cdf4aac1bad186607c8e4fe12

SHA256
9b393a535647d0e5d18d45e7044da72da4658bda952032a894915fc23149692c

SHA512
f189c8af02b0e57619c7d19284a5e56cc9b8e083eeb2ccf1f3afe6326f3fd6ea350fd09d6524a3ed75f96d40b7f660848e4f08a1568993b71d06145d3540d132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\481963cd074f1a48_0

Filesize
268B

MD5
9b031a37678c99105211a7decb23d331

SHA1
0ebe2318ad94b80e2801f00bbcc55f463e33bf05

SHA256
27e513f2ad10458235579442f66ff9ebf6c5e6cf79bbad7f4968dd05edf4abf8

SHA512
4415f9476aa8b7bb2b6667eea050e84026eafa9410903b24eaaff4732b71fea803551bbf06a1b181daeed11dac69e2a52c62d6ba1acf4b7b7713cfbf226fbff2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\56d6f409590db490_0

Filesize
5KB

MD5
ad069fef29e19e9172a80786c130dc98

SHA1
7fe8f5cddc5bd085c5781b0c8b4c383c02b98a28

SHA256
ce46d5240f1e1125427dd53eac015672bd8c85505383d2db2bbc1283b6d80eac

SHA512
21be0f02dd6c3d79264391adcb0b0b33df433b61e6cd0411daef35321fb29a97716985f283c004746c767731eb8c2899c41387fd98db3effccf7dfb45215996e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\68f91424bfe0c74b_0

Filesize
84KB

MD5
2bd9c45b9259f21628a92843789a9dd0

SHA1
22d4679dcb460ad40e91a0dc7db0590385cc3bd0

SHA256
117e1342ed63cb007ee634e230d95c9b05d075b15f8449db0a8a3b7dd054e7d7

SHA512
982f2fb1f77d9e2276510dc26e430ee9f0fe49edc1868d115a37406e105f8334c2c731a782e3d98d4bedc15a95bf5548016eb6548b97021ac0aafb3fb8668d67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a8694aaa036738a_0

Filesize
2KB

MD5
33491110eea2022abe34a30934ad291f

SHA1
67de895121aaf6f998525271fc725ba3d89c8722

SHA256
23d3d313a7a728b25af1c3f269bd5594b054c46ffaec1db928d28ef4a3da6bae

SHA512
c1d5f9fb2271dd9571379de80d1cfdce59034459929ecbc3972dbcb801c4df032cbd9b61b3e821a41984a337abd11b245b736cc93b4e699be0fa7f50110a0d75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a9f7774ee3bf38ac_0

Filesize
54KB

MD5
5ffefb6af56b2f4e337fd3c1bf94c714

SHA1
7ecbfb88077fe500e142c8ea31ed1c1d7cddde71

SHA256
1393fb8f3646186035792c8a90193ba9e83f8dd8ef093173d86c930659339aad

SHA512
d7d8e21c760e5df096ddaf9261fbad60d97dce43de131a9a432416d777d5bd5f2901ce27b302bf91ef07d686f8fc29999a45fb0b947cd99167a0dcafa4889795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b13d9848aa9ac2f2_0

Filesize
278B

MD5
c8b973644195128bc3d93ac4979990ad

SHA1
14fbff130fb83e89689d3442118f4b22f7e156e8

SHA256
2f80fa646cdc0b6316ee93270227bfb5ddd3449086dba854ef5c277f1e5b9020

SHA512
67b55abbd0e3f972da6049ced85ac7e63a3d8e35d4af14973798fe3f26070dd5d484755637b5c6ebc65c9bd4cf9745d2230e79e84cea07dfa953026d02bfacad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c472784dec098560_0

Filesize
1KB

MD5
bf1c589d5c25e84b866eccba6b684752

SHA1
54a1b8013066b3d56fc01fccdae50b7b6dd31311

SHA256
a703c7f92277a6a66457984ce1846dcfb6e1d0290fe07d5347fe48aef2b42e49

SHA512
ef29ef680563fb4cb3c08f25585e3d1559dcdcac312d58a4555f2fd09624a6c57cabd47e6b39d671c3bd8cdb54ae190eb63c529f9e534c20f39054b13704a12c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
55a02b8111efff294d6aac8e6fbf0e63

SHA1
581580bc31f7d5e0434149add2ef6839f3ba93f0

SHA256
532d1b43383b214a86cf69902c46ca471578ec9115df94a8fb0c9a0125a30c20

SHA512
c91c2b9fff12eb7584e2ef604b112b5a54ab56e8d958c4f163e259f058e37ba2a7f8223c3a33114a3c162ce4d0167bbea3325aa4b069bfcb64df3e8832c036ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
65afec2e486b4b87c387a414e78ed7b3

SHA1
606ec2c8bb6f58110bd82e1f5b48535ebf983d98

SHA256
aeae7470172fa6dff9176bde6a1e043c37b495dff66c0484fa113fb2c00c49ef

SHA512
cc6ac40557d56ba040dc9f1766c03db3a9865948dc02668cdb5aa530ed9676a5162abc2f6075f91262cc153cee20f99d0c56b849c30cc0f7611e01e3dc5c6865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c30c0a97bae7ef70c654e474fd643147

SHA1
d639fcfd61d493ec3724729ee54e0a46251f58f1

SHA256
e7d125b88c841b035137331fbc0735f462f3d572e50ef92fb2e951dbab3939bd

SHA512
f103fa426533387ce73f1499662b558ec8aaa9d08747117a0af0a94443a435b813bac263e0e493790281c8c95a836307637a62d9e990d4afb2871c75107ca08b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e48b59f838d6fa38d2b01dac18eb4978

SHA1
0e2e4a94a95bb363ee80f5685f7118df417a7c3f

SHA256
79a7c40bf8cc77daf96d20cc836ee1097b91326694a3f92bc02bed041cbf2e68

SHA512
4082a657564ea2823cb55386c6e2cef0b04102e632ee5b596e998f9e1927330fac522f4f1780870f43ad95a4d8e94c923a9bbdc505927c6e5d292a62af935137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8b15c2458f7b906111d3889cee362f00

SHA1
5160dc6fb7a20ec5ede935856edf89e64a16a1a9

SHA256
c0dca0326e89507f8f00873870f57577387d14a0fc8b40e198e29870f526477f

SHA512
d72eb2bce6c5b346e321f911e827ca38bf817d147529892800c7f001d9e7af402e731d9c57f84c59c045442c42c2bce7423c652be39b18461d1902f69b65b778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d197298626b2dea55477e1c7b2107c13

SHA1
ace6a26d593d7893fdd2086a2a925ebe197cc5a2

SHA256
d4473f2f62d8db00506a6fcb64111e401c99f6f8c7574f855ecee14289b84118

SHA512
af800618375f89a2cf91140ed6f783ac17b6fb31f0d34f0cefc8ae1952698acf2e7e3ae9fe61657256d19bf217b7fbe4545e28ca919fec33967178218fa64793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d454234cf04b9e0416384194cc2ebd38

SHA1
a15c410a52d39f18124f330f5bd381581ade6128

SHA256
971afb29449524dfc05950a198ec1898186d27d42cb861e5cb5917bac257be75

SHA512
4367432d67fe2cb1ca2a456b61eeeb72ade5b4697853c86c67652c41260320bc68cf7042d37062446fac2b8dfdb942f2206db9e07d9ef5e79eb293c5d2bbdbb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8220e62f6e1974c7f9f66b8389aff389

SHA1
4aa4e5a8147e4420a706b39ad66e49c34b97f138

SHA256
92dd969e0373d596f13332abd759c5f6377c23edd5fb2062f455d9c6fead8c6e

SHA512
46f2c086d5e49eca32a897ba2ded8537c653421f2630c0957bc7b48d34efb69f82d425a8cefc34754a5a0d440bdf5b23c1f2f53fb2aca249729b0694bf0dbb0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
5ca5095c521ebfd4494bbdf221175532

SHA1
91a00a1a6bd7b174c38af3c9c2abbcfc782e85c6

SHA256
efc14ffbeb3f046fbed510e9c6ef06992564acd4ea46ec2d71cf1efedcbd8b50

SHA512
ebbf2622ac722ff741d0b5d1c228bbf23301af5a2935aa1e0f6906c27c0b7877d2765ccca532d27e20a236e42a75ea2288ade9186ad42e61cdc7a403d471e030

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
6d67976df82f5d81027f2f7bc75dcbf3

SHA1
7f1735db2d56acbbc8f325a5f6a2f8902724c563

SHA256
ddbade9e873461b5dbf8276318ba1cce0e704df27d68452a4cf4c4efefa19d1f

SHA512
feff8d072706ce1b229343b2b86b7d40a403d162bbb7cfa59a98dcbb0f171bbe939410c847a09f0564054219a79bb138233c274618bfb895d6e9fe53b04e3c8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2e390ae959c4f403287af8c0399ee15d

SHA1
b7923318f7fe2e78f1f66c86529d2224436b8c1e

SHA256
536403edb7e0a77917b430edad9c9ef6cc3948a8cea66fb03cb45774843ae7d0

SHA512
2ea6e4d7843921289967d21d91042e88ca7d707edd6492d4819e4f4569fbe147eaec0a41d346a3c367bfc433b4921fd0ac0f810dc0751a5735b34250472a6c45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5970440fb1fe0589c6c12c7b44d087ef

SHA1
44141e6e75690e0e472939543bad30194370aa92

SHA256
414f5a6e5f3718b2661dab5ebcc51c1ca5bbdcb4a23b6d7d9e2fac6460b3ab12

SHA512
e5e8cfc123cd6e11cd88618df072e45d8db4705a8f7552ac6572227a7dec0de462518c32713e36985231696e074c50be6b6a32c76eeb40cc4417d2c80f32c483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3a3c4a849c7ec4ef805f0f93e85433b4

SHA1
83166941f746eb1c25e56a8adb10f289d94d8e37

SHA256
6262ab0b55bf508ee7fc48d451fe96a3ff6579d47601356198772ac8a56c0926

SHA512
17950415c72f9d5541219cbc5aec86e3cdfb37989721ae8e559e3bff1a158ec3f8c3a9898f8169a69ccd0506de6f76ca07b5d2337ca6073427b26bf656dfc5a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6a5761617f2c60f263c6215cce4cd2b8

SHA1
aa6508b5340ef54e5432b439e7d7823fa83e2194

SHA256
bf088bbde8cac4b7addac1728b4153cccaba36b90cce9f65a7de4f8c6f1a9cc2

SHA512
d7bc2c57d5ec033a444b165c3cfe2e16b24806e01a9a163af3edec11bbebed4189b344a2fa91ca7f50c8262f41b834f9ef2f3cc110391715aa48310017ec02d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f43a392e76368d67b2bbb3161f7ddb87

SHA1
b6de807d5c04fa16465a7197469c2f44441a9f76

SHA256
4447421130dfc4972ad88a05f9ccb8b81af2eeb01188ca0525a835ccb700c82e

SHA512
37a244519c21746dd8f0796bfc8bda0ca99fb02086632845a900a14f530d2701e1407b4276ab6ee4c1e7a57da1a677adc8c995448f9a3c3b6fb80a04f2fbebaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
4c1184d04c75271026ff32aa51ce9156

SHA1
7c6ee760e6f579cd2286d7d4b5e7d839f68d5a3c

SHA256
4fa1e02137c3b8dd4ae894936f03dff842a70d624ca87f8a1ce62c90cff8c405

SHA512
503218a4edb33cd498b875eab06f64129b963b504f1fbd92cf90376c65847dc2af24552708d62f5c259f0b09605adfa087db314f3b4eb05e977b7c002cf9b5af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
90e231ead05a48150764e16366c17615

SHA1
683e753bcd469d45f0ed81dd5a33defda24c8e28

SHA256
0674daa2d2538fee2dd7e943869c085d82ce889606991559bacb292210ff2f3f

SHA512
ab8ef7c471c9b7bcf66d0d73f7666c89e8b35b188d41a9e35dbf45de3477678907c3dd94333e05d17cb76b7a94f74402cf6635206ccf977ec60b570438c0c756

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
314fb1e91bb81838ae48473476e96306

SHA1
731d104baf4a69bd78b697977b59cede1eaa9fbe

SHA256
ecf5dc2067a4dde57002d8f267734981c5176c075b387cabc42cc1aef3d2f83c

SHA512
617989cc272367da6040a6b230159d25adec0efc1d495deab612b4cd0e3b271f173a85332be413c7484a02e52b448ac4f9c629ca3686841753e84f98d4b9657a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
5f1301103a145e9586b1c53c99649efb

SHA1
9ac07108e65c7316df166a620b454c267977cda2

SHA256
99ed4cdf9ec5adf09583ce84354e2e86bcc9966dcc4a364e353ed1e46ed5492f

SHA512
e15ddd66175fd7b16122d81ad9a9ae97eaaf96ec3e6be953e544b3e44df7c3eb33591ecc4bf2dfb6e4c3bc3324ae216b3fb76721303a2cb106a68bf2968913d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9af21d53e4529f3a255564bb48bf1234

SHA1
459a25a0ebc3c7907479a2d42445508cfd275768

SHA256
de0e19c97c6cd611ef6e3eb00a19158fd3ccf2b8247986378008a0b9053f9fc0

SHA512
656d342314ce6fb43d4a41c859cf73caf7724ccff7bf05fe9245d86c6f475c816a794016e8595310644b8d8076376b8e73d95afd26acc4f5bd00e718e3fa0d1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ca9a808a1064f2d12fecd9b3299e25fe

SHA1
4b479304291597944780fb6c350daf3ccad0d5dc

SHA256
f30ee219909abb1da457310f98761f8f1af70e0ed37690312090616dd4e5fa7b

SHA512
ed6cc035988cc1d140a2260114b902707714a62ace3c7527d7d3df9ca80dfdcf0b790e439ba2997665ef499585681aff9b6b4d1033da3ddb6bd0204aa8e78824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bc0c.TMP

Filesize
705B

MD5
f045d2d46e9720e8bd1084631f9e8dc5

SHA1
18208d4d5ac7ae9c5f4c17b73714f1bdc5d43001

SHA256
25863e04481c844c3299dd7c3263006cbb92ab157e0a0ce7fd97567065b8df24

SHA512
23d0c12c8aeee37ea0d31e3854c06776091ed48d3990143a5e7bb2fffbea60efd7c977dff2f315f87d198fdbdeba5183e44ad4edc26499229aa04e202552354a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000008

Filesize
17KB

MD5
913728da90cf90d8e78af59c60b47c3d

SHA1
f42f2a545d4fcaf4f76d0f060f52e33a47df7f1e

SHA256
b0b478f9aa6aaf8d5811e296047ae1f8ee07f4c4998fe9d7b960755ea1fafb82

SHA512
3af86e053dd56aef03e6f967a49b1a0d492616a71e2e49090e0c8e5cbe58ff37ccc55e91f06bf34096059a49f3de84b0bca587f3f17c366f97c0f7a0fd17c974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6349fbee86dd673240cb24104c1a63dd

SHA1
50a92a0e20e544af13f85144878745898371e35a

SHA256
ee2bad5ba0db317c4f9f228c9434d1b9641190f34529dc74c5ad942a3f6fd99f

SHA512
8cfb4d524c35d6d5e027a9a86bc23f7f20742f326f8bfc58e6705ed75b1b8f434b2535f001e52ecd76e70fb6910108458065a06a402e3e3cdafc039702e9f16d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0a0e220b04347826aa92fa9e9fc59964

SHA1
5ed2169db5918d726c0a439a0e66967e494fb89b

SHA256
ec12525f32ba8f7c33c54194dd4c1fd60c82cd8f62d857567910a40bca9bffc6

SHA512
4fe8203fad35147703ae41fe0bcf5020118adff2bc6684da0dacd1dfeee9419552cba9bef7f181cff7a8e0c8eb6086b1aabcdb370b02674b2c84c7f0726a947a

Download Submit