hxxps://drive[.]google[.]com/file/d/1zmVExGpsH2FKwcXGAn2dygrOLXfX-edX/view?usp=sharing

Analysis

max time kernel
126s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-09-2024 02:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1zmVExGpsH2FKwcXGAn2dygrOLXfX-edX/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
8	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msedge.exe

Enumerates system info in registry 2 TTPs 10 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
4356	taskkill.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1712	msedge.exe
1712	msedge.exe
4976	msedge.exe
4976	msedge.exe
116	identity_helper.exe
116	identity_helper.exe
5332	msedge.exe
5332	msedge.exe
2136	msedge.exe
2136	msedge.exe
1236	msedge.exe
1236	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
1236	msedge.exe
1236	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4356	taskkill.exe
Token: SeCreateGlobalPrivilege	11716	dwm.exe
Token: SeChangeNotifyPrivilege	11716	dwm.exe
Token: 33	11716	dwm.exe
Token: SeIncBasePriorityPrivilege	11716	dwm.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
1236	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4976 wrote to memory of 3008	4976	msedge.exe	83
PID 4976 wrote to memory of 3008	4976	msedge.exe	83
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 860	4976	msedge.exe	84
PID 4976 wrote to memory of 1712	4976	msedge.exe	85
PID 4976 wrote to memory of 1712	4976	msedge.exe	85
PID 4976 wrote to memory of 4904	4976	msedge.exe	86
PID 4976 wrote to memory of 4904	4976	msedge.exe	86
PID 4976 wrote to memory of 4904	4976	msedge.exe	86
PID 4976 wrote to memory of 4904	4976	msedge.exe	86
PID 4976 wrote to memory of 4904	4976	msedge.exe	86
PID 4976 wrote to memory of 4904	4976	msedge.exe	86
PID 4976 wrote to memory of 4904	4976	msedge.exe	86
PID 4976 wrote to memory of 4904	4976	msedge.exe	86
PID 4976 wrote to memory of 4904	4976	msedge.exe	86
PID 4976 wrote to memory of 4904	4976	msedge.exe	86
PID 4976 wrote to memory of 4904	4976	msedge.exe	86
PID 4976 wrote to memory of 4904	4976	msedge.exe	86
PID 4976 wrote to memory of 4904	4976	msedge.exe	86
PID 4976 wrote to memory of 4904	4976	msedge.exe	86
PID 4976 wrote to memory of 4904	4976	msedge.exe	86
PID 4976 wrote to memory of 4904	4976	msedge.exe	86
PID 4976 wrote to memory of 4904	4976	msedge.exe	86
PID 4976 wrote to memory of 4904	4976	msedge.exe	86
PID 4976 wrote to memory of 4904	4976	msedge.exe	86
PID 4976 wrote to memory of 4904	4976	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1zmVExGpsH2FKwcXGAn2dygrOLXfX-edX/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf28c46f8,0x7ffaf28c4708,0x7ffaf28c4718
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,2857000185052535604,3374699754938213177,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,2857000185052535604,3374699754938213177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,2857000185052535604,3374699754938213177,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2857000185052535604,3374699754938213177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2857000185052535604,3374699754938213177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2857000185052535604,3374699754938213177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,2857000185052535604,3374699754938213177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4052 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,2857000185052535604,3374699754938213177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4052 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2857000185052535604,3374699754938213177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2857000185052535604,3374699754938213177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2857000185052535604,3374699754938213177,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2857000185052535604,3374699754938213177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2857000185052535604,3374699754938213177,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2200,2857000185052535604,3374699754938213177,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2857000185052535604,3374699754938213177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2200,2857000185052535604,3374699754938213177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6528 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2857000185052535604,3374699754938213177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,2857000185052535604,3374699754938213177,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:5432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4880

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5260

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\insense time 4\insense time 4\insense time 4\funny.bat" "
1⤵
PID:5616
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" md 2876 "
  2⤵
  PID:3976
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" start insensetime4.exe"
  2⤵
  PID:5024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" md 32681 "
  2⤵
  PID:5784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" start chromebomb.html"
  2⤵
  PID:5788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\insense time 4\insense time 4\insense time 4\chromebomb.html
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:1236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaf28c46f8,0x7ffaf28c4708,0x7ffaf28c4718
      4⤵
      Checks processor information in registry
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      PID:4988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,6385292946425341135,4689523315374857071,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2
      4⤵
      PID:3512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,6385292946425341135,4689523315374857071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2136
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,6385292946425341135,4689523315374857071,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2304 /prefetch:8
      4⤵
      PID:2792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,6385292946425341135,4689523315374857071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
      4⤵
      PID:4000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,6385292946425341135,4689523315374857071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
      4⤵
      PID:5112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,6385292946425341135,4689523315374857071,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2720 /prefetch:2
      4⤵
      PID:12920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" md 8475 "
  2⤵
  PID:4144
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" start funny.bat"
  2⤵
  PID:1872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K funny.bat
    3⤵
    PID:5872
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" md 2885 "
      4⤵
      PID:4148
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" start insensetime4.exe"
      4⤵
      PID:3464
- C:\Windows\system32\taskkill.exe
  taskkill /f /im "explorer.exe"
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4356
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:4904
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:2708
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6000
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6016
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6020
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6040
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:3780
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:2532
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:4432
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:3168
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:3744
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5352
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:1328
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:2920
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:1376
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:1108
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:4604
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:3888
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5472
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5572
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5680
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:4596
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5756
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5776
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:4680
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:4836
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5800
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:4220
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:864
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:1500
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:4356
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:2368
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:4100
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:3592
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:3672
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:3536
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:3724
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5280
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:3920
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:2592
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:4820
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5984
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:4964
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:1232
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:3688
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5300
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:4176
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5492
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:1752
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6156
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6176
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6308
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6352
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6396
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6412
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6420
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6428
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6436
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6444
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6452
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6680
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6840
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6856
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6864
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6872
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6880
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6888
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6896
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6904
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7152
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6664
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6852
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:4228
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:3408
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6940
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7172
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7180
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7336
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7424
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7440
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7448
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7456
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7464
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7472
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7480
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7488
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7496
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7600
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7808
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7924
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8008
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8060
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8076
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8156
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8180
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7436
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8168
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8224
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8264
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8308
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8324
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8332
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8340
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8348
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8356
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8364
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8372
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8380
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8388
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8396
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8404
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8412
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8420
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8428
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8436
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8444
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8452
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8460
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8468
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9068
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8564
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9284
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9292
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9308
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9316
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9436
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9520
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9536
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9544
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9552
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9560
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9568
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9576
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9584
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9592
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9600
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9608
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9616
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9624
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9632
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9640
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9648
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9656
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9664
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9672
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9680
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9688
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9696
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9704
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9712
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9720
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9728
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10324
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10368
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10644
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10684
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10820
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10828
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10836
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10868
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11020
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11048
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11056
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11064
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11072
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11080
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11088
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11096
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11104
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11112
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11120
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11128
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11136
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11144
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11152
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11160
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11168
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11176
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11184
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11192
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11200
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11208
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11216
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11224
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11232
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11240
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11248
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11256
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10336
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:4916
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10360
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:3428
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:2688
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10676
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:1676
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10848
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10856
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10972
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10976
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10992
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10996
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11268
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11276
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11324
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11484
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11856
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11832
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11500
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5596
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:12292
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:12304
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:12312
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:12320
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:12328
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:12336
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:12344
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:12352
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:12360
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:12368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5432

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:11716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bedc4f1765a3015e3b9e596081e8929a

SHA1
e7b238ee09c3644846e73ee92142ff54ab3d605c

SHA256
ee692daf7af3fca3e8c4ee6fa2c5a99e23a47d495c29bc07c44ce0278f44bd09

SHA512
42f38d3e5ad9254e93889e23413845c7bf2666003f296f594a32446903ef3835d070d7456c343a48ec1cf67d4200613108c000c36bbd192e72927bbad92da47d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
de6560a568f3971cf23f52882c2559ca

SHA1
fcc99075de21b14cf07dfe65ca7ed882328c82d1

SHA256
9def70ea7bc6a41e19daf90e41b92fc47ea316e08e43737dead00ccad418ba8a

SHA512
0643e98f09f1c406f1dfc0c044fe57bec40a4fc1c29ce7685c82063e8774d736c99cb7a1b58dfe29cad943e3d491724a094367fc727373ef2b868ed8f4832ad0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
64fd2dadc0b285abed8726f9b78155dd

SHA1
15046e42a82eca3a83f2324b77eea995e73f3e58

SHA256
0c144f14e914ef1649f018811924b5580e1d4bdf032ec96028075e3024d707bb

SHA512
69b2443edc9e2905fa1cd222b9df1ece665044c02b421a103db8c5117be746c2b208e01fde2d64ca4b06e5b3d44bbd49c5c48b094cd5b3024b04ecbbb4b0b56f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
6fc60d8ca226a3a7410ed7ddd086f2c9

SHA1
e82b7aca5455a12d2d64a87143b5d850323dfd6a

SHA256
e3dbec1ceae9da9effa6a52c85375f299e7e32189b1658d853596e20200c8aed

SHA512
e73290ae5c39c64406d76668671ba34f470adeb48e5f836fe027940211d2584de3f1253972182da9a5de67bd876e0a26aa335b5769647255e569e492c59c7363

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
c97fe7147ae33e7221daaca74e35635b

SHA1
993aaa539c2f2c9c3408e8f20376efff84709974

SHA256
e216a4d50f4c5854f7744f1ecd2dfb36b3137b43662abe73166799098e8a6e24

SHA512
9bfd5ae1e270225ab1e41c9b004c7a0850290f5f2c9ff1ebdb0ef30689fc82e0e118fa5b30cfb1babb19ddcd180c1e379cb495b64bed63a325f77111872d404a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
7c5bfd4533ab975ab588038232c627f6

SHA1
f8b07e6490403e387971146c9131774af3704e04

SHA256
5329741e17eb295c412e30c841c5409201c7b84f343c67369d9d15e02a762e50

SHA512
eb5ff65c3ff1685d02a13042bd17dd4338714a0d01482093d499af30eef4d1426b23307ab520e1a179a97d0586557161f2eab8ff135492702b97f87e670a936c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
169d8976a4c0c059b79e8089bb046180

SHA1
c830b3769fcf6ef61f586e503ab8bfa683034750

SHA256
6ec2616f351fc6adebdc918ccf4c3d097e0ae5812facea1363145f3d84e42cc9

SHA512
92f6ca88fd80fa97f5d6ce62eaa4ddd365a37122bf5623e2859dce1cfecbdce563569043f43c3d961791ceebfd40f9477525dc1a34ae50a1c02a4cb37ebdc9d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
298becfdea8bdf3d814b15c664982a6b

SHA1
f16c690761a1cf88993cad37c0802bdb988baf09

SHA256
4afac7b1ab9b40c47dd798183320a3364f7144469c17c153effc5a7876fa2b83

SHA512
45ffe24aff79eb733bf274fa4617d8dea900c82621858e14837bb3f3dddce7ad3f82f83219d7f6ac4fbc60c0ca671e5e04e5e714faba6bea96e11048d3f074a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
95B

MD5
e747f00bc750c8b5438d17c626546063

SHA1
42fdc138eb2e3f5b19b21426a0cf9aa08fc2578b

SHA256
eb8ea32b91057259f2cb40d6f8fc63367a39685486fa045bd0d4cd57b4613b06

SHA512
40ac77e5937d6a79f104bd309e7e6e5593bf3c03f02efdbda375df04a7cd26afa3a7f677e7184919e25673a53663bcf36364b5e277d499d97046837fccbdf4a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
c4f657de511633bc7a6c92f5cf1770c8

SHA1
59819f591c70210830dbc371ff3d00735925b8f0

SHA256
d40de512f846cfdd86c3b536e38d621edb0ab7e653ca387f214333180437d2ad

SHA512
631bd2dd83d2ab1263d685bf907c201124bfedeaf134edc805282f5ef8442e1354e0308af89d187de83123e5784837c24df79892abf54414840771b126407cb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1eec634cef002d139737433080dc1029

SHA1
77bb822d5ecbb33cd4d91bb67d3fb0af24a44207

SHA256
dab1340685a6cba67ea3e775d6c8729a97a06bce103a6c17fd62f850509439cf

SHA512
b50aa1539e5d1ab2ed2dfc3fac08d9a99b9e217bfe95d09fc37baa3511ffd16459a07f2d5ca8a74a4612b5ea510e571dbf4acc9a639c01474d38ebeb508f0daa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6f1701aa109245aafbf4cc558b3da2c8

SHA1
c3671697b870969a0a9d743b700fd568b2f55f54

SHA256
5044939406b0148ede9555c2f84a0a1c25481980800fe92c6f68e0c76b15cfaf

SHA512
99cb7d6d27986ae0bbb00a1514c5bb0771566046bcd04824d105993f71d7a3cf0551ac7c2406e0f68c769380e8e9e9ce20273965775f8eb132ff49f215263a68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0c2e6e2268a80f42832ed760382466c7

SHA1
5d7e0bca037f99d37dc1b37175bf978a6bcce123

SHA256
128e9d22a95b981650f194eabfbb230e51ef7d306925fab5a5638a8efc72bedd

SHA512
d438528756dbe17b9c9faa93fd65d4988a1171590424ec0ef15b635603dfea3c380df21aaea9194c754068f6ed0fda5f2dd991ae8982f0e80fe2f4056368a790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f51990bda0c7f4395de721f6e973a09c

SHA1
7e8ad712ac16a65b73fd4e50867d1fd1f673efd8

SHA256
0ac425ddd2e527b6dc4de8f7cfcb7bde75208298e3fe1047ebf0d8e382bfa796

SHA512
1bb9f9585a2a19455b38e802ce00fdec77252f65ce95294e3b02d55b941156c0ae6d00b14864853b9eea5e117bcb605795057e9255176f2695883c010dee6ea5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8078b9bec3b1c98e1a59bfc2d2178faa

SHA1
b7ffc11328000db930e0fda49815069d0ef1c1d1

SHA256
7b0a944138d0ae4e5269e47956c094b7c6abafea8b7db610795e517f96276857

SHA512
d529f38fa5fb21c2896d3c9cbbca1d20bbbfbf1a2a7400346fcf60a6c53b869e94ba19888859bbf4eb9b5fce38bc6f0fc4bb4a1e87e65abc52a240c326d48f0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bcba13906a275a516f93f223cc4138d5

SHA1
22c7fbc98767373fdfd2856840b3321042aadc72

SHA256
2395a7039eeeeb1e1a269f97cd21ac07d0dd4520c049d9349280b3531a1283a5

SHA512
3c80b7f25d396729e4a39825ff02360001aca5ca15ce31d4bec72a5a8d13eefac43e63b009d15547a0ba8d33f97968c7950c1bc3204c6ec6345f8e945c04ed53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
616B

MD5
ffdf5c19933d5de2be0e06be337c1cca

SHA1
7ea8c7ddb2ce3e0847f126ade07c9704d5554978

SHA256
d2580f3e97fe66ced78c6831c58a1679ba77cf0a57e311f3234487dd18815004

SHA512
e76d0bec5d3b9ee6ca13b07645e03640b437a10c59008ef1184eafd04f2f54c957134569130514a9328106395b7c850f94b80891ce0dd3d3b3d6f4a23b5cf81e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
ccf3a5258ecd5a4783a81829ea8fce1d

SHA1
5741daefd242cf9add23ed2e69ece82925925edd

SHA256
f4d181187acc13703caedffb24316f21f9c386ed4d8f773294b42e4cdb60ec8a

SHA512
3f93855dddc05e99f0a3d43478fb6751c7b1a7f5b52d306501b970a916b3fca8965e9f10e555ae2f890e08cb40d4c88380fe7e7d41f2c5f556f6d15b5374c653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13370063360141998

Filesize
21KB

MD5
3400d7101e4164327019ae7e00721bd3

SHA1
7d01903640e9e7901b270dba6786f8d75756d605

SHA256
793d4f73ea3d48adf656713bfc7533efd9e45aaaf645bc1e7a0548976ed3a4b0

SHA512
ef7ddb5918c6292b46f7d1bbbe9458745195b33c93fbaeb9494aa1751cdc7ee43a9fbd0589d33fe60252be43c95a083421bb83b26b5d359fc923f87596949d4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13370063360374998

Filesize
7KB

MD5
ade412c83b93cd6bd55cdacdc32f1eca

SHA1
d4ddab3dc0c1801f192dcec70a55e1295e489ab7

SHA256
1dbfc8bb051ee58d3cd22e2127d34c246dbd192eef13b5020000c6eba9bd16fa

SHA512
5f87d0b3930a9e4ae77e0a84d1339640190400bdd37e95db61b8503a346be9b20a4b9dd5d9655416c6b944958e5e84ffe7ef1075e2b72adcd3af3cc41d3eccc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
71dc99ae6f98910debd9db99e89b687d

SHA1
b18ce419b7f7e5f7c1eaca52ab177d0e3adf18e2

SHA256
e2d1c59d6fea4325036db9be9e1efcc3e9218ff4870de2a6aac542328cc3b950

SHA512
9b79a6023e2550a931290a8a25a2be065d1331c555c07f187f263319c1a037819b8951bee61cd3ef766930ff5e4bcc37bc3a803adc2259e785f54ec4229c9c16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
8748280d7b6db4597b538a50cd3702a4

SHA1
f5190afdfa3dac3238562729ec02a2e0c1470fdf

SHA256
2345e3efdc2e74076d1387fd9dd62f0a07ee6feff734e4dd74a95c0091315572

SHA512
3f246840ae834c26991c40c3f269a4cad136ec7a27655ff38cb2026afbc5c3e4428809916b3515f3b0f066de58f4e2783895caf517d70174911222f3d071fe84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
37d6db25ef07a59722a84145ec2d3ae3

SHA1
9120442e399d666d647ad044988df7ff8feaef47

SHA256
a0052d6b42b09745a8ccb1c369023a0ea9737c6d125309aaaf88356d881be055

SHA512
8c54a3ba977c1a40806b24ac6c8aa6bd65599ae239e54320a91ac47d1833acbe844533626544f18460ba15e1e8f95983692ce75b7481e2c7fe95df8f6a49fe24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3ba65081363ebc1d28ab84969748455a

SHA1
9d9ff4a995dcd4541a1eda0d90593fbfc077686e

SHA256
2aec64d09379d95ed8ea8d5891d301552c3e7730d276b32497bc5b0a2ca71b95

SHA512
f765b1216c63f82699c8f119718893e2eded195b96a89e6f7aefec61d7b0bdfc4b46b8d7ecbe894fecd7db4b7f66ae4f72a18a86c18af222db55c4a19eb5183b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
2c7fa4a5bb076a18d92b775fe9e15b30

SHA1
431b27a1ddc7b5f8e6c0300247754458a9277477

SHA256
aa12b2b47d98d3e7dde831ba92561d6e362a94e0ba5200574eac78d75abf6a4c

SHA512
bff5229a68f0f6f066d8e9cfa40dfd0af02ad8a62e0562714aa41408fa8b2fd3ee3ae6c682a41fd2eb8b5187d7ced88e4fbd32097c48580c34f20222aad35491

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
534381227d3b0c12165e8846d9e3eb41

SHA1
4d9e5ecac146d07c838753b046492c4a512f44b1

SHA256
62bddb076ec34677966415ce781f6c3a1b4e47412f085e04d9f34ab4f10b6e5e

SHA512
b51236f588f11d68b0f99a0a8c41011b0fcba15dc486b0b6e097262ffd8b579dd3906245c2261431d1b54ebc046c754c9be873a3e81b1c27071c90900a44ac92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
26KB

MD5
d46ed3399f324f9f7fc5836cc6e0459b

SHA1
5ffa0cb9402a81ffc9e7bab98ac24978d5c29f93

SHA256
8818e34fbd2ab173fa7c8040d27f58e318d2cb3b978d7644e403eabf76172d65

SHA512
9236c50dfec58ddbe427dc224690ac257363af9b15d9e62d8b5b8d6577b1428719794fe370be24cfa1081958d31a44f287c80ce0b78f0d9ed41a9a4004aac913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
168d933fe57c67a682020b61da3115d3

SHA1
92f4405d8e0d1680922719584625b37231c38925

SHA256
b342540dc7f2e21a1b2b17e8694fa2ac96fc4aea08a43ba87d9df0eee31b3bc6

SHA512
c9dd354f3ed94f47a09b552d578699a19f00169942566563173b761f32336eaa19903580c242210dad8bee647d128ffcf84c59fb69612482c7117bab74ef0f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
1e694e8e15ae15dc6abaf61d7bede15c

SHA1
717ae995fd906b275834bdf2d22c7c030f1e0000

SHA256
fe966a1f330ff70d88861f068e17105e747c8d5652b3dbae705f73a7bf817ecf

SHA512
515b0e9fd318fa28166622c69b4cbe307a2c9a628f9f0afd7090ecfa588e90f86508487e0e564e908c776452abfd993e0c80ea2caebea809b3c488ef586dfcaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
68da51805aafdf9785869e0b25cc22aa

SHA1
d2fbcc37667de3b8d32e145c4fe1e71aa4ba2e4a

SHA256
3c1b899fb10cb675cdcbcc7cd903c52debd4158091ba9c9d2749cb7a203b8c25

SHA512
4aff4e0dda7ddad43659405da9865f0b05e23a9881d55371d536aea751f7430a2be05b85aed15abed42654bf962122fe2ad4aed75b3bf8e329cc7fe73b6a57ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
c11ea004c59635da157d9e78ea57e04f

SHA1
e004a13a433508d6aa1969b590e71a0b46e0017a

SHA256
2e7298060fc753efe54cb48bb7e529d10d7011925fba028f4e1742b8e0762bab

SHA512
df030ac1f8cb68606255ca553d072bd5066f8dc79242ac85f41ccc0a1ab1413a28795326c984a6529971745173a4f63d82600afd1b0f68a5615a00aef1a9428b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
ccf0494e23c2a9a94d833f2a2b7a7085

SHA1
5ddae157c4d5d7c0fc9e4d3790a9b261819452f1

SHA256
1a1a7bc4b82aa85321924c26e2662b2f9e7cdd5f997461c26a827686a8d6f281

SHA512
66a65db9cce44709880967026fc80785c8a814069e3536716782f6f1b17a7bd0b097fd43b340d3658b874d7c7ad72aac64f583c824939155c8915f1f3b832b2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
00d0e984d23215e2d3777eddce10eb24

SHA1
b78b54a1c6ae374379927fc294cafc6e76a8e80f

SHA256
eb711124402aa30d073bb9e33b88f7077e38781413becc8eafdcb18269c7ff96

SHA512
652c24f5fb85064c7a2e5ca679b3047860a4aaaeb106283067d401702df636255743e02a8f1f12d3b8e52814f9ebf4eb5884e71a4b111fd057ba59c483e6b796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7fae6ead3e6b7f7c7b3e6b316b946fcc

SHA1
2543ea4bcc16675e4ac490dd10b014dc68331738

SHA256
b0f4f9ede7db727a2a2cf946b8ac53303faead0a67752acfb40c045bbb4fcdca

SHA512
a4fa651f7094259713eee5bd36f6a6ca846b6586daf0c9affc6238ca2feb4ac9b8b81093db927824fc86d1525c5b39dd4c94c7af1f50098863f7ec0cda5859ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
35ec45414100f71b664ea5b18170319c

SHA1
c2805efdc477b90f499fd38e2f8d24dbb475f0c9

SHA256
9719aa16671a63575e58dad3fda721c8de5a97c1c709db570ed1ca6f2f917433

SHA512
22c0653dfd396bb5bc04e922f2b38148adeaaef7109b8ccca453913c92e0d35f154c676da3868577043f01ea9d249aa09116470ed2d552f2d82f6c8517a2c9a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fb6976c174fb8ef718ca632d235c7a3a

SHA1
f7bde6d0b10d8d766d9b0234e09144f2a5147878

SHA256
68b187fbd920ed548651636b2391d7dbc187e1c7052d3f039a5f95640d6092b0

SHA512
f80bb474c7ccf5f24dd1e09a76953b3f4c6b7fd78350fc9c0ed2d13f684a01ca159d79b9ca144e48b472d0eed427313eea8611393ca332572f37a87f97cbe761

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
b12f8e7fa866ed67e90814d2a1b01f04

SHA1
1177eaf4d6139f5e681e05ae81a0a2d519277183

SHA256
07ccb98b76eae314e9b8d5f3d7d53f7456064fa33c92331f4e1c31df7107eb78

SHA512
4291aa9115a7b86a51a5ed6350c95ba659ba01f6864c1c7bfb53651930675a0a2561f176ed842e3a6f773772ae52c6fb1eae4fd4b1f5ec36c05e9a8300545faa

Download Submit