hxxps://drive[.]google[.]com/file/d/1-fKy1c0HEaAztvR12auIAZb3HLF3WGwc/view

Analysis

max time kernel
252s
max time network
254s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30-08-2024 00:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1-fKy1c0HEaAztvR12auIAZb3HLF3WGwc/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
8	drive.google.com
363	raw.githubusercontent.com
365	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-355097885-2402257403-2971294179-1000\{B0F25123-B7CA-4E41-880F-07C8831A5847}	msedge.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
4532	msedge.exe
4532	msedge.exe
1836	msedge.exe
1836	msedge.exe
2152	identity_helper.exe
2152	identity_helper.exe
2976	msedge.exe
2976	msedge.exe
5864	msedge.exe
5864	msedge.exe
5316	msedge.exe
5316	msedge.exe
5316	msedge.exe
5316	msedge.exe
5240	msedge.exe
5240	msedge.exe
5616	msedge.exe
5616	msedge.exe
5700	msedge.exe
5700	msedge.exe
3716	msedge.exe
3716	msedge.exe
1584	msedge.exe
1584	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5272	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 42 IoCs

pid	Process
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	5832	7zG.exe
Token: 35	5832	7zG.exe
Token: SeSecurityPrivilege	5832	7zG.exe
Token: SeSecurityPrivilege	5832	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
5832	7zG.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
5156	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
6104	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 888	1836	msedge.exe	86
PID 1836 wrote to memory of 888	1836	msedge.exe	86
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4576	1836	msedge.exe	87
PID 1836 wrote to memory of 4532	1836	msedge.exe	88
PID 1836 wrote to memory of 4532	1836	msedge.exe	88
PID 1836 wrote to memory of 4344	1836	msedge.exe	89
PID 1836 wrote to memory of 4344	1836	msedge.exe	89
PID 1836 wrote to memory of 4344	1836	msedge.exe	89
PID 1836 wrote to memory of 4344	1836	msedge.exe	89
PID 1836 wrote to memory of 4344	1836	msedge.exe	89
PID 1836 wrote to memory of 4344	1836	msedge.exe	89
PID 1836 wrote to memory of 4344	1836	msedge.exe	89
PID 1836 wrote to memory of 4344	1836	msedge.exe	89
PID 1836 wrote to memory of 4344	1836	msedge.exe	89
PID 1836 wrote to memory of 4344	1836	msedge.exe	89
PID 1836 wrote to memory of 4344	1836	msedge.exe	89
PID 1836 wrote to memory of 4344	1836	msedge.exe	89
PID 1836 wrote to memory of 4344	1836	msedge.exe	89
PID 1836 wrote to memory of 4344	1836	msedge.exe	89
PID 1836 wrote to memory of 4344	1836	msedge.exe	89
PID 1836 wrote to memory of 4344	1836	msedge.exe	89
PID 1836 wrote to memory of 4344	1836	msedge.exe	89
PID 1836 wrote to memory of 4344	1836	msedge.exe	89
PID 1836 wrote to memory of 4344	1836	msedge.exe	89
PID 1836 wrote to memory of 4344	1836	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1-fKy1c0HEaAztvR12auIAZb3HLF3WGwc/view
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeb91946f8,0x7ffeb9194708,0x7ffeb9194718
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5660 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8044 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7744 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8024 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7720 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8092 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7524 /prefetch:8
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7572 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7304 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:1
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18143122420656832469,15770031858223299450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7516 /prefetch:1
  2⤵
  PID:1988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2496

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5156

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5272

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5760

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\PACK MARIACHI\" -ad -an -ai#7zMap31869:86:7zEvent7714
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5832

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
67KB

MD5
ed124bdf39bbd5902bd2529a0a4114ea

SHA1
b7dd9d364099ccd4e09fd45f4180d38df6590524

SHA256
48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44

SHA512
c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
41KB

MD5
f3d0a156d6ecb39d1805d60a28c8501d

SHA1
d26dd641e0b9d7c52b19bc9e89b53b291fb1915c

SHA256
e8be4436fcedf9737ea35d21ec0dcc36c30a1f41e02b3d40aa0bfa2be223a4a3

SHA512
076acfd19e4a43538f347ab460aa0b340a2b60d33f8be5f9b0ef939ef4e9f365277c4ff886d62b7edb20a299aacf50976321f9f90baba8ccd97bc5ac24a580bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
1.2MB

MD5
540af416cc54fd550dcdd8d00b632572

SHA1
644a9d1dfcf928c1e4ed007cd50c2f480a8b7528

SHA256
e4e53d750c57e4d92ab9de185bb37f5d2cc5c4fcc6a2be97386af78082115cbb

SHA512
7692e046e49fcde9c29c7d6ea06ed4f16216ec9fb7ea621d3cc4493364743c03925e74244785588d1a4bfc2bedd32b41e7e66e244990d4076e781d7f4bbb270f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a

Filesize
24KB

MD5
303a79d404d97ccbb3d803088fc387d8

SHA1
66e3525b79a1a58a63fe0934f31676dd40c7f033

SHA256
7e510e61c497d334da21eccda06df5d3a428c9ea94d6903b6138e7c7255aba0f

SHA512
5751d97634f0fd270e36044a1ef077c0ec1d9b146bd8e5d28207a083cb350fa467e083433c2f81cff896ac7e3756b7014a408feb203f2d175fdeba0a37f3614e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
268c26b49ac76208fce1067b8f4d5ac1

SHA1
523c1394087b17e3f9044207fe3788c62b719109

SHA256
0319274263362eb3a738ef9d04fcdc99896fd156ea44f5d35f198607244ea2d3

SHA512
7e2a4eeebb149387c5d4e2e4bdbc14f55c49bfbf1ab7faaa88857c9adc88f81c04ec3a68fa466642fc83d435acc1ce4a53c3159f9270f5fbbafec22aa4416723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1384491e129ff55c17b9e932d477ba6c

SHA1
6f7b9a1b6121aacc672cf4c91adff98382c129f5

SHA256
ee1e8af81d465a895d749c854a3cf09e64ed86be527fb7aba52dbbc49bf4cd2c

SHA512
4e208e581c89a515735448a3a74f66241dfdb24f4ceb555e8c1edea72a9fa1baa91b2936b6c0e35342e00f2c18f1c8cd0cac784ad51efad3b7e761983e89c8a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
ab2b495ddf09cc2f0bf0c029c88f88d6

SHA1
3bc7193cf179c8b6bebf3f4a3bc4b9f543409b1c

SHA256
1d84b306e43cc5031663908de34da960ac11b638f519ce3391cf908b9a2b0a99

SHA512
fb50ed24b5257b62832f3f66abd49a48b638b30b59122538f412fad2c1d16a5186f07f1b25652dc25c74a0c6566ad693bc4b5cf30daab3a94f3fbe3cb1308d19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
dd0563fdcaab3a00e17a0f5db4c42946

SHA1
1f6134628ff1204b5bbb2341bde21d276cc0f83a

SHA256
86f84dea806b5f6fb1c4336f1a14e056c8964cf280d3803aa01920d0f5dd3241

SHA512
25f91744a4a052db2f4365f13c767851f02461f25dd5f0aa7c11ce221411d79e3bc3ae714f8a76e649524ae244d7d51aa1fbc2031be7cdabb7a4f1e31cebf018

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5636835fd106ba3567ba4487e159cdba

SHA1
0868bb1da2e394eac5b6e1df610f4cce12cb1f59

SHA256
699073d1fbfba35736ff3c05f434caebf72f389103655bf5c9a28c89684fce47

SHA512
f65e64db351c1b25b2daea25b9715b56e5fd44c272636cfa3ad07c398fc5a1334b005eff2dcd289463f08774c5e48c6c94beb989280121873bdfebcadeab99a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
8bb3220b08f3510489afc8fa93a092d4

SHA1
a0723178857c53c231eafebd4b12df889a647990

SHA256
358ee8de735687aa0675008660bd32c6d74390e6b6c7ac1a3d1a6cc90fbeb4ff

SHA512
b8d6ef5f10be6c928ac8b661bd82c3f9aeefd84608143a564e51c213bfc9926f3deee6171ef7330eca41e335dcb338abfb49e93b677c645b193828e3d0f75f81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
185c7df665d632a7ba7a9d4d35780d8b

SHA1
94569f064cb4007dfb5c74b9fa956578f1528966

SHA256
a459120916c01ba7e95b7b40ef8cc6e8a8dc68ed2cb3fd9cc5a2dfa6ca69378d

SHA512
ae44b70c63645aea29cbd1865e5dfc2d61cf64c7daacc10d37e6df573cc7822d018b7d6e96219819398b1ef4c21082d00bd74fec3e771167317c73b42a978d68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0c0ce0e3c85ebbfc87d57369e19e50b2

SHA1
d334a720c73d0597003f702d1c56b98adf92e52e

SHA256
f77e1b69d273260a54e25171956fcd1afe7a267fadb7d47c0938927e2ed3ac3c

SHA512
073629ff6f4b9c445956984071a02943c5999894789ff8d2ff1ed01850751d4a3c34e29a2f8ea64d324e930a58d98cbed629324154aee76abca6b57b298748c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9a0f31381c2addf397834e35ff26535d

SHA1
b882d19f6c472277758e9b1e1df0667ddd166d57

SHA256
82df3249cb0f268652d611f646a82558431bb8e022f3b8c610607d94322f81e7

SHA512
845bbf6a44cb260f9a476e1f62e69fb928171b222b268b6c2e60e36964da42d528cbaf2fbb56bb5902e93cbdc9a6debb95ef7b8817c1051ccaf2930479aa809f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b25d78c35c46ed88d5dc1c35df593668

SHA1
1708bce945f289be91a72d067fbe888b5845f1e3

SHA256
7572f328d4b0980576dc43080808d881d6c767d47fa32afe915e5780dab5e911

SHA512
bf1bde8a05478e561a5e1c7c9fcf336c2604996d1bce8432176954ea85f4d74fbacbfe7577e4393e92a430ab8ae2a24f95709e2c82aba65e7f15fd59812f8ecf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
5abe337d48def7511a6d7be609ee0faa

SHA1
750a3d2c4f3e03e515e81dd2a38996437ce0af7a

SHA256
420af44edd847119ab491cf2631524002e6e50dddc4f10a690d06d2165d711c7

SHA512
18ec6bbb42ad809eb6855d0fb7ad66620a4059acb6faa98e44be481e544b0de143f9039a1549f7223afb7ec61cfb5e429e805a3ed0d9bb2d09c07e7f43dce6fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
33bba12609472dc94a7d6b422f7b6c7b

SHA1
c7ad1a37818245111e127ee5598bf5ed2fa460c8

SHA256
993b90d83d6a9a4e4d07c7daba8cc71bdc6822fe1ce36707c1cb47074ae8c9c9

SHA512
6864fd6d284e5fdb450482d25832b7054d0a4a949276b771362851906e9f8c180edc253e74289b874505a03a34be807aa7d6676668b82163b691d9a88817dbbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
cdcf3e58315f00edbc86979d2260bd75

SHA1
7ed64c9b4799c522cea61850bf01ff88c80ee45e

SHA256
243fef41a3f582a4f9c57dff90f10f28846ef4a0318d5464bf663fa2d9b56c73

SHA512
ad8a33c3f1891d1813eaf3c2854743e4a791ab4e4e54494693aa48bc3963e0822b57d79721bd7551ba234e5d4be904f4aeabeb7eedbf7c208bd9b1ff3b517571

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
eeaa7884b1d6bc8f3409072b61988e00

SHA1
46779fef77fef18536b6cb06fa3b6b5b15fc9beb

SHA256
650f7bcfed654b456217c7686293711ba55fa148d9ff14f8316a549fd9f89de5

SHA512
7c6513bc56c89ae715c367dd91515d6a965ef8e556c39ebe042b1f8056649b34e4668d77559066dfd19a4e59d5b0cd2c6355f799817e2bfce4a5349968ce3fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d7dcf538470a357f6467e321473175ec

SHA1
3ac6f864156698c71d11a23cdc2f56d553a43e37

SHA256
1f301f3b6c9d7e12f8f0aeff17456d9f4289b62f33aab8d3be841e47cdb4d3ef

SHA512
0db7debed4c7e63df8cd20c5e795ab3516d3696bf061cb3ba524484edc0fa7d240da6996ea629529c48f37d1960700811578e0402c048b9fd8922928a4de34f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d4368a03c47a7a6316d2e4c6a4cfbd63

SHA1
811c87a870cebf9fefe837b5df412d7bd518beb8

SHA256
a3af033aa5c34448d9b7a3068b498e41da2e3253c0923d4ccf4f1ac5e8c3facd

SHA512
443142036f53922ea593304c60abd48e687c82fcba4a068daf1534de3442a174098a05b0d9b07395ca0572521842af503194975a95abcd5920c88ddc2e95740b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d981cac80f356ed45ac485d96685a243

SHA1
663a101f461e001f4c4b7206972a71d9a2b80564

SHA256
b9cfbbe4b6576658af77f05527e32ca08d1548a4d4e024cf079b0ce799981cc2

SHA512
cb46002cf6fe1a95f9d4c705b08b9cc95d7083b77bff6693817e9e2654faebe69ad68f92d5c71dab8ee20865faca1ebf01cf54a9c16f49b63c426ec4fa8cfe3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
29426ad71f188becf8f68d9d03fbb6d2

SHA1
9a5288402f4194406f669b871ec81ced57a60830

SHA256
233b077b3d0666f1e46b021c033fcc9f5d9711d1db0367d4c884f9842e3552cf

SHA512
2ecbeffb1fef53c1846e323466b90feb324ba5a731e90b5815d7be6a7093daca117f171b37d47d81abc887966ca1221fa8e15640b7741149e2bb563086412042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2b299e1f68d933cfd240d9816ef57b2e

SHA1
3da5c3bda62bb399cc29e041d89824e3ef8623c7

SHA256
34894700ca9ac4db79aea8227bb23ddc58661263b80ba15e55b08baf57bb4ed4

SHA512
b2a0817e6634413edb09feb326565bac4b4cce739b6c014d7380518913448fde17abb1ac71279757505e9fb41e31aacf4808e9c9f0c632ddb4581d6b6f0f5f33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2325787e98749901dadfb5288c744152

SHA1
b5349672f0d05b2e2a9ce42ffc1358186d7e7e3c

SHA256
adf5ed8d869454eb5de3748121e3d60d8b1e8e62bddbe310dd8e53c4737834cb

SHA512
acaaccb96ae3df90dac20614030806c62c4a8d940ca60c7fef10956da5ae5b2a6fdad4a215b173f54efce607bfa0a54fd324c7c886d917583173725612c0311c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe593bc7.TMP

Filesize
1KB

MD5
bb1d690c8a2b927808ad7e48d8beb73c

SHA1
d91bdafba92204ade1554b1653e0747c32196935

SHA256
f7a463b9bdd6d0e5e75f0f14efd23dbcbcbc9d27d4605d543ad83b3ec1e21bac

SHA512
0677e65211b153b1c617a22256869019dd6b4f614f122419772913de21b68275da8302536db06f9ba7b3d87f9323a22a722adb753f64c7e7547cc72a3f3f54c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b92d87e152f04615851cb9e23de7506c

SHA1
23b6920cd8f5fb9f4bdc45ec03d6cdc5eca224d8

SHA256
97232ee613f3b40d108a9ea11810b0135dcce478390e59a0731e1528be305772

SHA512
b8a76c676a4fdccb1cb974f51b1ae9ea6e59ecf40613d4c65bef9c23fc14abd3edd689f875288b5bd8de47c478c56293fd86bc233b51310c5ebfbba2a0f0735d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
549d8574f0aacb603ecb50f3acf64ab3

SHA1
28ea6e2b107ae7d27ad9f98b203be3b7e08c7280

SHA256
626a45a410c15660a0bde458e907171a58bd03d394926b5d40ffa7196396bdb4

SHA512
fd4675c1281a56ec27e7020d0c5dc761ad60a0cfe9493bae18f451adb545cbf9e3ed00d12ad9350ce151500b043b628a6da9beb150d8de36235747b8f5d28224

Download Submit
C:\Users\Admin\Downloads\PACK MARIACHI.7z

Filesize
49.1MB

MD5
38196d5958d6e01e0320fab5813a1056

SHA1
fb722be75decfe65c555c5665f3da421314a14c7

SHA256
e2e6ebeac6fb67267e803e4081e8e87648d985afc707152bb08eb8cd37628673

SHA512
42954ca6f22fa9dad05516db562d2218314d77b63ec3754d27b0af6fae6fb6ca140a6e2679c11f400b656137a5b2a5d23744250775c7ce1017b6b6c8c0ab6d90

Download Submit
C:\Users\Admin\Downloads\viewtopic.htm

Filesize
46KB

MD5
9f365fa919634ced775812e6c4f1da12

SHA1
362fad57854ae76ea07698e5a6c9d56f940640d1

SHA256
5fe49af39d8495b2781dd44d00f86ad62d2e22cdc9bf94e3f5467f8d5fa8b659

SHA512
e3314a7c170f68bd44ae6b1a5c0de8ad69e0e1c94d6a10e2a4d76205d511741de492bd6f2e602b2ac0dd38faeb17fe1f5c0e039bc5cbcd914da2ec5105322ecb

Download Submit