hxxps://drive[.]google[.]com/drive/folders/1Ya5cLTWLYYxJIHIcn_nlS6xFehcFSrF4

Analysis

max time kernel
299s
max time network
301s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
03-09-2024 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1Ya5cLTWLYYxJIHIcn_nlS6xFehcFSrF4

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-970747758-134341002-3585657277-1000\{70A0E544-F4CF-4743-B839-AACC021677EA}	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\era85nonvip.rec:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\era8.5vip1.rec:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
1764	msedge.exe
1764	msedge.exe
1952	msedge.exe
1952	msedge.exe
1028	msedge.exe
1028	msedge.exe
3044	identity_helper.exe
3044	identity_helper.exe
3320	msedge.exe
3320	msedge.exe
3056	msedge.exe
3056	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3332	msedge.exe
3332	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 2316	1952	msedge.exe	81
PID 1952 wrote to memory of 2316	1952	msedge.exe	81
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 976	1952	msedge.exe	82
PID 1952 wrote to memory of 1764	1952	msedge.exe	83
PID 1952 wrote to memory of 1764	1952	msedge.exe	83
PID 1952 wrote to memory of 2632	1952	msedge.exe	84
PID 1952 wrote to memory of 2632	1952	msedge.exe	84
PID 1952 wrote to memory of 2632	1952	msedge.exe	84
PID 1952 wrote to memory of 2632	1952	msedge.exe	84
PID 1952 wrote to memory of 2632	1952	msedge.exe	84
PID 1952 wrote to memory of 2632	1952	msedge.exe	84
PID 1952 wrote to memory of 2632	1952	msedge.exe	84
PID 1952 wrote to memory of 2632	1952	msedge.exe	84
PID 1952 wrote to memory of 2632	1952	msedge.exe	84
PID 1952 wrote to memory of 2632	1952	msedge.exe	84
PID 1952 wrote to memory of 2632	1952	msedge.exe	84
PID 1952 wrote to memory of 2632	1952	msedge.exe	84
PID 1952 wrote to memory of 2632	1952	msedge.exe	84
PID 1952 wrote to memory of 2632	1952	msedge.exe	84
PID 1952 wrote to memory of 2632	1952	msedge.exe	84
PID 1952 wrote to memory of 2632	1952	msedge.exe	84
PID 1952 wrote to memory of 2632	1952	msedge.exe	84
PID 1952 wrote to memory of 2632	1952	msedge.exe	84
PID 1952 wrote to memory of 2632	1952	msedge.exe	84
PID 1952 wrote to memory of 2632	1952	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1Ya5cLTWLYYxJIHIcn_nlS6xFehcFSrF4
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffaa653cb8,0x7fffaa653cc8,0x7fffaa653cd8
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2536 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7220 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1980,16163313902022458329,18291002231517309351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6420 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3364

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004EC
1⤵
PID:3264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8276eab0f8f0c0bb325b5b8c329f64f

SHA1
8ce681e4056936ca8ccd6f487e7cd7cccbae538b

SHA256
847f60e288d327496b72dbe1e7aa1470a99bf27c0a07548b6a386a6188cd72da

SHA512
42f91bf90e92220d0731fa4279cc5773d5e9057a9587f311bee0b3f7f266ddceca367bd0ee7f1438c3606598553a2372316258c05e506315e4e11760c8f13918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
058032c530b52781582253cb245aa731

SHA1
7ca26280e1bfefe40e53e64345a0d795b5303fab

SHA256
1c3a7192c514ef0d2a8cf9115cfb44137ca98ec6daa4f68595e2be695c7ed67e

SHA512
77fa3cdcd53255e7213bb99980049e11d6a2160f8130c84bd16b35ba9e821a4e51716371526ec799a5b4927234af99e0958283d78c0799777ab4dfda031f874f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2339b74a-9fc2-4f4b-a166-0393f83e8369.tmp

Filesize
1KB

MD5
a83b89fd01ba1ae95214dd0eea1aef2c

SHA1
2934e161773d83e440293ea25635fd5a1a2d512b

SHA256
94d6274b993fa052ebcfb9b69692d7fcbb1240b869c4c7653760d4f47bf77913

SHA512
6768b95ea07d9afc1f38f2879fcf0084db89fc2e6f2861ae9d609e20e6527203b42afea2798a3c0984d60a976ef7f40ed86713989d521063dcfda6411980c855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\65cb369a-94b4-4cd9-8e0a-5ae5c597db89.tmp

Filesize
7KB

MD5
ac1be39df239675661da7aac1ac8764a

SHA1
38b00a4c0175e7b6c4322769dd15b9950d52401d

SHA256
e1d0a09816d5d9f88645c91154c4c6c44cc45ca38265247d29e0cb8136a1dd7a

SHA512
98b78562495fe3759fe9446f2cec1fc70ec668d0ba4b8cd70f9534596718e9e073f78f08c767406cc62ae040c8202f3213f0542b7de4f39b0413a2faf063bf41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
28KB

MD5
4dd36552638146f0db4bbb586d77bbc8

SHA1
40eedaffe7ae31d329d039266ac9d0e684abf7c2

SHA256
f6834510e1a68c8ff59e74df570dff297539a877ae77f26438a729d7b4a3b140

SHA512
2f2fcff9cf628a64b0d92944fec0665d2ab361fdc670ec62cd69d4bcd48f39d93fbce17f60cbdcbc51752b536f6eedad2913eaed2f193c80bf5723284d366c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
67KB

MD5
ed124bdf39bbd5902bd2529a0a4114ea

SHA1
b7dd9d364099ccd4e09fd45f4180d38df6590524

SHA256
48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44

SHA512
c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
41KB

MD5
f3d0a156d6ecb39d1805d60a28c8501d

SHA1
d26dd641e0b9d7c52b19bc9e89b53b291fb1915c

SHA256
e8be4436fcedf9737ea35d21ec0dcc36c30a1f41e02b3d40aa0bfa2be223a4a3

SHA512
076acfd19e4a43538f347ab460aa0b340a2b60d33f8be5f9b0ef939ef4e9f365277c4ff886d62b7edb20a299aacf50976321f9f90baba8ccd97bc5ac24a580bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
1.2MB

MD5
540af416cc54fd550dcdd8d00b632572

SHA1
644a9d1dfcf928c1e4ed007cd50c2f480a8b7528

SHA256
e4e53d750c57e4d92ab9de185bb37f5d2cc5c4fcc6a2be97386af78082115cbb

SHA512
7692e046e49fcde9c29c7d6ea06ed4f16216ec9fb7ea621d3cc4493364743c03925e74244785588d1a4bfc2bedd32b41e7e66e244990d4076e781d7f4bbb270f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
43KB

MD5
d9b427d32109a7367b92e57dae471874

SHA1
ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39

SHA256
9b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3

SHA512
dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
26KB

MD5
1de4708beee6992745a7c14b7d8580da

SHA1
03bb2b7dd07f1701da7cf19b68dd23a2b298827b

SHA256
ba0ecf05941451756a9acfc7a913e64dd56ddee8f3811c8a9f1cdd0a219ad64b

SHA512
5d21cd342f3f70a7dc4bdd3b100e6677e74a7fec22af3ffc9d048618d1daeb5dc5e3f1511ffaa2fddf2f3e49b31351d7d4613f7f03e21d2b609483ad6aab9c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
26KB

MD5
97a3bed6457d042c94c28ed74ec2d887

SHA1
02ce7a6171fb1261fde13a8c7cbb58992e9d5299

SHA256
ae56cf83207570afbb8a6ab7cbc4128b37f859cb6f55661e69e97a3314c02f67

SHA512
6c8cf955ec73ad9d97bbb36c7ce723bfa58c9aef849aa775ee64ce15afa70afb40e8cd45989dadec420d2e8edda9ec0f05cc76a0602df0b6c4e5d45de0f4ce7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f10daa93003415376e55640248e91912

SHA1
e162bb9c45f5a70347b439e038c5abce8ac38821

SHA256
3f9b32e361f9781607aa3a71d009375d27ccf773fe655295cd0132a227ea44aa

SHA512
c64a1a4184bc41ee03e531c97b0dad6cd406139467ddc77af1a52e0be705968bf5c7c62fd851752741e095b3bbbe4a4bb99c87998f6b99fe491e7c67379dacc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a3e2c8f30ca44da85dffcd0a850bf014

SHA1
c383d581fbb8d7960c4493d1255a3bac0749aa30

SHA256
9960652b69b6b11a828f28bc5d100a2d4a78cd3d8e7ea4e957e056ce7bc54a15

SHA512
33dd5120d9db550a6085611c2fa30a1398a1d491c87afbf1fa02ea36c39d81c8698db46e63ff16c84e493b12678f0302cee204a27e0232fc69d3cec5ea0825fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
906b4781ea5a6c7c51b0ae5b5f654129

SHA1
2b45236d9091f2488603dcfcbee3ec0e92d163a7

SHA256
0e57e171f0a7954e6a2587719550fac40d57c6ba993cf65ced5cf579ca5dd630

SHA512
ed8106dd8ba7953bdbb3a210d7baa1fd3de4f56ef4fff05607d19066d5ddba3418ca52cd2d05f999c951ada015a9e7380827af5ee654943377be98bb7f14212a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
c7816ce06b7d6a32e14909405cbd1c59

SHA1
10199a828c6e1c24fae9a98c70b1f87bb2bbaa8f

SHA256
28d918d6aa56044ec0d22369f0b4988024bf758fdb7b954a9824ef842d18f1f7

SHA512
765b36277860320c44607a97974d621d4c5001def9f4346c4f884673a7eb9fb5d082def3d138de61f8d6bf41b49584edeaf8e56a001672636d9529fdaa6e3942

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
83db1db739ad18cbd168a2bda3305a50

SHA1
d90feec9c469ded524dc9ece30a374cf811e26d1

SHA256
6b95fcaa9b0e94d15be101e75d9f0c0c0c58d59cb9df30246a54d936cb087d01

SHA512
b940b643d0ccc0447e440e128a183968b628cbd98bfb3c1a082332be5931b4f079c933e509aa3b6eed4089113c75267ad037795355b970c0567cc425fb89ffa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
22f7e9a7e0e0b104ac1a9b96589ad3d2

SHA1
c7a598b4e43989fe449fb2fcf11f0d7511122491

SHA256
8300c7ca9f4e7b4dc7ea8e17ed34c91ed38821fab3856f55c032dd0dce3335cb

SHA512
89d466ae470268c70faf70fdbf000d703327162dbdf89602ef20def82633baf651488e6bf440e533ec6942566d2806b651f57558a00ef9dad46a908582a5a59b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f6b63d0ae1f6e55f5d429245f74722d9

SHA1
f529dad2935f1c4a5bb2f11f78981dc6acc938fa

SHA256
fe9db6abc6fb507b33a3a445945d687ab87871cab01ac8a071ee89240727b86b

SHA512
b2e345628e2b54a1c4b5abd9a7af574234a3ae56461771dfb286cf97977cf06c542d78258f10b61ef7ae5fe8fc945c5e5fa879be7d47ad26be70e1321e493605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0a28f3e888a079541a3f46c46574db3e

SHA1
53578c96a3cca47366e1cca7aa373b647d47cea4

SHA256
690381556990dce2de50a1b4c723343803fe7f723fc5320364d130a9a47d36cf

SHA512
3ed8f9ce3bae3d4fde72f52f09a664cde50adafe5741c2c55d070719e676163919938a6d94b0e3b49aa82468f4b71263044e831e59e272673a24810bfca35a1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4735949a20371e044dcf5af979af25d2

SHA1
1fa9855219f8ea500c7f98b0975bc0f9541e908b

SHA256
f02fbd14e4c690b8cd114fe868fa54dd040dc5ded681fae5ec96f3388d7f02b8

SHA512
b84dcc31bbac76d35b4d6c4d3a101a885b523d947c7ccd2dfeb2256d45b3e31d964db722f5ae4c6abab144f5435237a6d3229c57b1e2744509ce854a7ed59eaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f7c106498b43afdbd3b2f851c7f3de03

SHA1
7e0cefec0894cb014917127c216e6886fe72234e

SHA256
1540c30418dca58592c381b27992446f566af0e46c3b343ffa18018b81992393

SHA512
65edb27789c2eafca057eade79fafa12bfeccdd3fb84b5a6e7d1c8b72f09082c17f6d93fcdf6e1ee00e24181f43b87f99d3d5201db1bce3d9020308625a48921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2064ffee21a31e674c2dece93cecf86f

SHA1
98665525696278cf826e613568aefbeb7d0dc294

SHA256
75ec31fe9bb96d3dcdc6ff298fc116de6c2e00b2692a51cc8e69e8f68b04a623

SHA512
6d3354306a924263c7fe459549d13dc8302f70de8002194659d4497b0271b2c1128999ee34f54681d4e69f17a945b7d4ade6c42be59f792b776af8cb6c0b5811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c0c1e3710deab7f9d238c41269b4dc0c

SHA1
8e180b7df8bfb8d779655454c9531f4257441c77

SHA256
8a67eb9abf12f1abf4d9053a95cccf34a0bd2c33bb70a913ad34be785e6cd8c1

SHA512
d21e0aecb0eae65acf6e1ab4140a11127e16661fcdf9af8ece6f450421f6dde78376f4d62551eb6ad73a0255368c1d1faa6dce14df1ad5d755f12ebff3a32cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cf366cc5196fad898528c90cb1056f11

SHA1
14515bc9f2b389502ab17f0338b27e07c6f6a465

SHA256
7c18bf1badab8c0ee182d1ebdb27169cbbbf64db8738fd7289924b272eb881be

SHA512
69322317d125327073558d44d95df3cb0b640ad27bdf99b4ed2282cfd91e33859ed4f67b665dcbf4a3282375345b3c6167f10d5d9ec9082b11283d47616fadf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bb3947584c1ea314fd7adc2f29f4f008

SHA1
7e3a061b8419e6d3f46cbc48dfc1aba602ec9d3d

SHA256
db56ba765cd370fc7d0c55de9e623b7a335cdcf45d41406ed72fe4e62f01389d

SHA512
9cadce13616c13269ecc421f7fc78710d03176f4a3e5879a7f6ede8ea4fe9cf772da0ec78fbeb66823f40263b28cba6c0fae09d5079fc89a98e220a9bac19acf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b7a9950e6b35f23de737d7865ce810d4

SHA1
10bf8b61a3f4b31a8de674004798242c45e22fa2

SHA256
1c50c29cc1edb0ebbb5c74779477ad97e7cd8b947ab5ae2b9ac4e101ebabb83f

SHA512
0448389dad09ed32f971624b9788a95054436fff1cce1aa76d3073b187409a4ea54850a1789f9e22645baaa26ffdff8952db03a58255a9677af497e3c559ed52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5817aa.TMP

Filesize
1KB

MD5
38dbc1d224abbcecfba478c3dc646db9

SHA1
256e2ffdf98a551097075d5b46994732cf800031

SHA256
1d9a93353c559c3836cb366bd609585cd9b22d3c7161507ec330543b56e8d048

SHA512
2e1c4e283516f179031ed69f55eb710dc13c4c84ad146158c94f18a9a51ca51f467c50c8bd2dd71524136329c6fb294898eb6d3d3afc29b7c32b9805112ab651

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3969e97cc85c582aab4c521fc34bc91f

SHA1
7fa77169febd2145582210d2523454e2d2155bd8

SHA256
3704af9a6b5ad68f1f7a74142b457e8085c33bce60613e60210b5375d83b7b67

SHA512
d41eeac82e6186f18ab07d77b608258828060ca0e68163876f8849b08b75d618c606730f7c74351bcec4c06bd7b28ea42c57e663db6d25c1de666f64b1636410

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bba14b4e86c38035c500e8c5eaaa3004

SHA1
7d263c7c9311f46fb719c49924dc03020ee23718

SHA256
bd7adf46015e2ecc078cccb09ddf8df13a3458b2f8be3a115fac6e8d7cb7b174

SHA512
be67b67a2d1f19649fe0603915abf2bb2047da4dc3f7d9bfc5fdda39ff958be3ff25b893f398391f21c6e74b2c77ceb27abf6d64e3bc179e49cfd95072dc3f1f

Download Submit
C:\Users\Admin\Downloads\era8.5vip1.rec:Zone.Identifier

Filesize
186B

MD5
68f7bfc9ce9efece429bdf488670fe55

SHA1
b85c43ec145db485d669fad9c4dee8a84ba6e73f

SHA256
52d1746afdf30da3f5a3796ea4a5808c53775f79b6b5413f81adfaa0deca994a

SHA512
e9f66a7ef6734754276e60810b42e6415d5365594ae6de23bd7b363498599a9907c23515ded641da92e4f24852add03640ae34724475a26e38cf4f9ca540c8ea

Download Submit
C:\Users\Admin\Downloads\era85nonvip.rec:Zone.Identifier

Filesize
186B

MD5
947c5c2a674c8384e7b15f764493c571

SHA1
41e54088a925807d99381e3eb8b39e38eb04ae59

SHA256
78527777a924aebe313b6847b3617bd6f2ed2696e8c2a856cd6c5880b43eb103

SHA512
9d0144f8614ddcd114bb34982070508899d61e9ee0a1aebc5d59d004f4eb8b2860f854831cc9b667b5210c6256dbba7dee21d3e1085431b30c24e8a847b4e8e9

Download Submit