meduza | hxxps://www[.]mediafire[.]com/folder/pdvnpt1sbe0w4/Software

Analysis

max time kernel
570s
max time network
601s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-11-2024 11:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/folder/pdvnpt1sbe0w4/Software

Score

10^/10

meduza collection discovery persistence phishing privilege_escalation stealer

Malware Config

Extracted

Family

meduza

109.107.181.162

Attributes

anti_dbg
true
anti_vm
true
build_name
420
extensions
none
grabber_max_size
1.048576e+06
links
none
port
15666
self_destruct
true

Signatures

Meduza
Meduza is a crypto wallet and info stealer written in C++.
stealer meduza

Meduza Stealer payload 5 IoCs

resource	yara_rule
behavioral1/memory/5552-664-0x0000000140000000-0x000000014013E000-memory.dmp	family_meduza
behavioral1/memory/5552-665-0x0000000140000000-0x000000014013E000-memory.dmp	family_meduza
behavioral1/memory/5760-678-0x0000000140000000-0x000000014013E000-memory.dmp	family_meduza
behavioral1/memory/1512-778-0x0000000140000000-0x000000014013E000-memory.dmp	family_meduza
behavioral1/memory/1288-823-0x0000000140000000-0x000000014013E000-memory.dmp	family_meduza

Meduza family
meduza
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Accesses Microsoft Outlook profiles 1 TTPs 15 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\12.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	software v1.24 loader.exe
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	software v1.24 loader.exe
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	software v1.24 loader.exe
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\12.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	software v1.24 loader.exe
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	software v1.24 loader.exe
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	software v1.24 loader.exe
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	software v1.24 loader.exe
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\12.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	software v1.24 loader.exe
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	software v1.24 loader.exe
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	software v1.24 loader.exe
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	software v1.24 loader.exe
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	software v1.24 loader.exe
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	software v1.24 loader.exe
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	software v1.24 loader.exe
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	software v1.24 loader.exe

Looks up external IP address via web service 4 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
399	api.ipify.org
400	api.ipify.org
406	api.ipify.org
429	api.ipify.org

Drops file in System32 directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\SRU\SRU.chk	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRU.log	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRUtmp.log	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRUDB.jfm	svchost.exe
File opened for modification	C:\Windows\system32\NDF\{DE394C64-86E4-4C40-949B-9793F6844AD1}-temp-11092024-1153.etl	svchost.exe
File opened for modification	C:\Windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4050598569-1597076380-177084960-1000_UserData.bin	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRUDB.dat	svchost.exe
File created	C:\Windows\system32\NDF\{DE394C64-86E4-4C40-949B-9793F6844AD1}-temp-11092024-1153.etl	svchost.exe
File created	C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{99b641b1-a396-43db-878f-0a458b1fd8a7}\snapshot.etl	svchost.exe
File opened for modification	C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{99b641b1-a396-43db-878f-0a458b1fd8a7}\snapshot.etl	svchost.exe
File opened for modification	C:\Windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin	svchost.exe
File created	C:\Windows\system32\wdi\LogFiles\StartupInfo\S-1-5-21-4050598569-1597076380-177084960-1000_StartupInfo3.xml	svchost.exe

Suspicious use of SetThreadContext 4 IoCs

description	pid	Process	procid_target
PID 5920 set thread context of 5552	5920	software v1.24 loader.exe	130
PID 2316 set thread context of 5760	2316	software v1.24 loader.exe	135
PID 4864 set thread context of 1512	4864	software v1.24 loader.exe	145
PID 3128 set thread context of 1288	3128	software v1.24 loader.exe	149

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 6 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
5184	cmd.exe
3416	PING.EXE
5336	cmd.exe
6124	PING.EXE
5336	cmd.exe
2344	PING.EXE

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
5424	ipconfig.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	msedge.exe

Runs ping.exe 1 TTPs 3 IoCs

Remote System Discovery

T1018

pid	Process
3416	PING.EXE
6124	PING.EXE
2344	PING.EXE

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
3360	msedge.exe
3360	msedge.exe
1068	msedge.exe
1068	msedge.exe
684	identity_helper.exe
684	identity_helper.exe
5592	msedge.exe
5592	msedge.exe
5660	msedge.exe
5660	msedge.exe
5660	msedge.exe
5660	msedge.exe
5552	software v1.24 loader.exe
5552	software v1.24 loader.exe
5760	software v1.24 loader.exe
5760	software v1.24 loader.exe
1512	software v1.24 loader.exe
1512	software v1.24 loader.exe
1020	sdiagnhost.exe
1020	sdiagnhost.exe
2316	svchost.exe
2316	svchost.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	5552	software v1.24 loader.exe
Token: SeImpersonatePrivilege	5552	software v1.24 loader.exe
Token: SeDebugPrivilege	5760	software v1.24 loader.exe
Token: SeImpersonatePrivilege	5760	software v1.24 loader.exe
Token: SeDebugPrivilege	1512	software v1.24 loader.exe
Token: SeImpersonatePrivilege	1512	software v1.24 loader.exe
Token: SeDebugPrivilege	1288	software v1.24 loader.exe
Token: SeImpersonatePrivilege	1288	software v1.24 loader.exe
Token: SeDebugPrivilege	1020	sdiagnhost.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1068 wrote to memory of 4680	1068	msedge.exe	84
PID 1068 wrote to memory of 4680	1068	msedge.exe	84
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 2436	1068	msedge.exe	85
PID 1068 wrote to memory of 3360	1068	msedge.exe	86
PID 1068 wrote to memory of 3360	1068	msedge.exe	86
PID 1068 wrote to memory of 2388	1068	msedge.exe	87
PID 1068 wrote to memory of 2388	1068	msedge.exe	87
PID 1068 wrote to memory of 2388	1068	msedge.exe	87
PID 1068 wrote to memory of 2388	1068	msedge.exe	87
PID 1068 wrote to memory of 2388	1068	msedge.exe	87
PID 1068 wrote to memory of 2388	1068	msedge.exe	87
PID 1068 wrote to memory of 2388	1068	msedge.exe	87
PID 1068 wrote to memory of 2388	1068	msedge.exe	87
PID 1068 wrote to memory of 2388	1068	msedge.exe	87
PID 1068 wrote to memory of 2388	1068	msedge.exe	87
PID 1068 wrote to memory of 2388	1068	msedge.exe	87
PID 1068 wrote to memory of 2388	1068	msedge.exe	87
PID 1068 wrote to memory of 2388	1068	msedge.exe	87
PID 1068 wrote to memory of 2388	1068	msedge.exe	87
PID 1068 wrote to memory of 2388	1068	msedge.exe	87
PID 1068 wrote to memory of 2388	1068	msedge.exe	87
PID 1068 wrote to memory of 2388	1068	msedge.exe	87
PID 1068 wrote to memory of 2388	1068	msedge.exe	87
PID 1068 wrote to memory of 2388	1068	msedge.exe	87
PID 1068 wrote to memory of 2388	1068	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

outlook_office_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	software v1.24 loader.exe

outlook_win_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	software v1.24 loader.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.mediafire.com/folder/pdvnpt1sbe0w4/Software
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff996cd46f8,0x7ff996cd4708,0x7ff996cd4718
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7344 /prefetch:8
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4200 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1328 /prefetch:1
  2⤵
  PID:508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8808731166294118233,15456823915950099909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1236 /prefetch:1
  2⤵
  PID:1788
- C:\Windows\system32\msdt.exe
  -modal "262818" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDF20C4.tmp" -ep "NetworkDiagnosticsWeb"
  2⤵
  PID:6044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2044

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe"
1⤵
- Suspicious use of SetThreadContext
PID:5920
- C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe"
  2⤵
  - Accesses Microsoft Outlook profiles
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5552
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe"
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:5184
  - - C:\Windows\system32\PING.EXE
      ping 1.1.1.1 -n 1 -w 3000
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      Runs ping.exe
      PID:3416

C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe"
1⤵
- Suspicious use of SetThreadContext
PID:2316
- C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe"
  2⤵
  - Accesses Microsoft Outlook profiles
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5760
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\software v1.24 loader.exe"
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:5336
  - - C:\Windows\system32\PING.EXE
      ping 1.1.1.1 -n 1 -w 3000
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      Runs ping.exe
      PID:6124

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Software v1.24 loader.zip\ReadMe.txt
1⤵
PID:5128

C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe
"C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe"
1⤵
- Suspicious use of SetThreadContext
PID:4864
- C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe
  "C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe"
  2⤵
  - Accesses Microsoft Outlook profiles
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - outlook_office_path
  - outlook_win_path
  PID:1512
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe"
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:5336
  - - C:\Windows\system32\PING.EXE
      ping 1.1.1.1 -n 1 -w 3000
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      Runs ping.exe
      PID:2344

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Software v1.24 loader\lib\HikariCP-java6.jar"
1⤵
PID:524

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Software v1.24 loader\lib\HikariCP-java6.jar"
1⤵
PID:1276

C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe
"C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe"
1⤵
- Suspicious use of SetThreadContext
PID:3128
- C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe
  "C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault0e6efae6h0358h46a6h91c0h52edf79dced4
1⤵
PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff996cd46f8,0x7ff996cd4708,0x7ff996cd4718
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,17618507612175817369,6885199037232831087,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,17618507612175817369,6885199037232831087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  PID:5448

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Software v1.24 loader\jre\THIRDPARTYLICENSEREADME.txt
1⤵
PID:3248

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Software v1.24 loader\jre\THIRDPARTYLICENSEREADME.txt
1⤵
PID:2344

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Software v1.24 loader\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt
1⤵
PID:4236

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Software v1.24 loader\jre\README.txt
1⤵
PID:388

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1020
- C:\Windows\system32\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:5944
- C:\Windows\system32\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:3536
- C:\Windows\system32\ipconfig.exe
  "C:\Windows\system32\ipconfig.exe" /all
  2⤵
  - Gathers network information
  PID:5424
- C:\Windows\system32\ROUTE.EXE
  "C:\Windows\system32\ROUTE.EXE" print
  2⤵
  PID:3936
- C:\Windows\system32\makecab.exe
  "C:\Windows\system32\makecab.exe" /f NetworkConfiguration.ddf
  2⤵
  PID:6076

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
1⤵
- Drops file in System32 directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:2316

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost
1⤵
- Drops file in System32 directory
PID:3092
- C:\Windows\System32\rundll32.exe
  "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\winethc.dll",ForceProxyDetectionOnNextRun
  2⤵
  PID:2800

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
1⤵
PID:3932

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Software v1.24 loader\ReadMe.txt
1⤵
PID:4960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Email Collection

T1114

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
67e486b2f148a3fca863728242b6273e

SHA1
452a84c183d7ea5b7c015b597e94af8eef66d44a

SHA256
facaf1c3a4bf232abce19a2d534e495b0d3adc7dbe3797d336249aa6f70adcfb

SHA512
d3a37da3bb10a9736dc03e8b2b49baceef5d73c026e2077b8ebc1b786f2c9b2f807e0aa13a5866cf3b3cafd2bc506242ef139c423eaffb050bbb87773e53881e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

Filesize
436B

MD5
971c514f84bba0785f80aa1c23edfd79

SHA1
732acea710a87530c6b08ecdf32a110d254a54c8

SHA256
f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895

SHA512
43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
174B

MD5
fc18148e7552473bcf27ffddf6224eff

SHA1
b00fde63f752fba6609fa8062a4ee9954b35f81f

SHA256
e2052fb9795f491f1c0db173fb7deb7a0e857478ce34f541ee5b8dd06fa86d90

SHA512
eea7fb613676fc8444324b5c6f045f1940bac50bcb761f7c6a9afd59347a9ecf0bf039b5816bfc5c51fb2acb37b39efe5e9e5dcfb6a20b017853727a9b83b02f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

Filesize
170B

MD5
f810cbd7a6a3bd76505189595423c5ac

SHA1
a2dddee28fb6b499a5bdc5e31bd66fd81cd602fd

SHA256
bd9f3e083100cff76872aabc5a3852332170c37e96923881cc246e0d0e4a3416

SHA512
92d0386b06c71d25c285c647039ecb5bf0507786bfa6e561f8698ce2f962817663c405915eda311827972ca41b6a7ae705aaeda6de1ce06ca888d23fc2d95793

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024110911.000\NetworkDiagnostics.debugreport.xml

Filesize
137KB

MD5
b67dac332ed34a0f896b50dcb1f4f3b3

SHA1
bb760ddd31372e24fffd7f3e1db14d3d948f7db1

SHA256
3ca40f012eab5ee22845f1a47075ba4fc757fea3ef2af33dd74858a8284e3bdb

SHA512
01ba495277269daa7a655afca62bf18cd59d338ff87619fd9bfa126d5556f33e8cbc2796ec73bc234c7033f882bb59f801fb4edcd37d48dbaebc6157f9afeca7

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024110911.000\ResultReport.xml

Filesize
37KB

MD5
67701bd58a35dc45cd5e2eb2addd6ceb

SHA1
def42419a2cd0d658fe9317c6744080e51b52f68

SHA256
23466a356a4b1fbf28779bd5e5117ebf4d1c63d23b344e37dda826d4821622bc

SHA512
b86d104561fc8c61ceac1d79fdcc3284c72f0f443b878684e21e01fa859f90596040013155e7e6f3166fb63d0429a52de27343d9b00b10abddca825f1d8c2c5d

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024110911.000\results.xsl

Filesize
47KB

MD5
310e1da2344ba6ca96666fb639840ea9

SHA1
e8694edf9ee68782aa1de05470b884cc1a0e1ded

SHA256
67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c

SHA512
62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c6974bcf6eda558ed06e7b37af41f6e5

SHA1
37ea8e0dcca3bc15a0205a82ae6538270ca9bb43

SHA256
a30728377962e289338b7d5cbaf68c6f0c18f4209a331b752de1cdaa15154900

SHA512
ab58a40e6e46169fb3e1b88522eb1be84d9ead9c5de188df20f8e1b140ea0ac2be568a30c76ada48ba13971d4e1b2e860a6b7c92e7e6eb40606f8659cde7da88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
62KB

MD5
f79882e12fe87d482fe216d30ef3c93a

SHA1
e3031f2d694529705d8634b397815cd907fec24d

SHA256
c95d79ddd197080d143fdbaf458ce6d653621088f2d16827b3037f4417a32f61

SHA512
075f20268aa1b46fd322da5220b1705e42076d6ee681417bc95d5e900c6ed9929eca102796757e5db387db56ed2e97937e074b5af75840e55b018623c0a845c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3ace8891be2fb1b7_0

Filesize
268B

MD5
8bf545a833a0a80b3cccfeb2d4911350

SHA1
f11cda8c22f2ee88150860286d26f1e81c688200

SHA256
c4f286f041f7188683400ff05038cae4b599d3bfedd66724c875fd6776e2f0be

SHA512
4d944af5112ea38882fc42b31c7218bf8077d5bb31b5e82dd324435d0854d1cdb88bbd1490042e494595dace09517b51de7deba2670167f2c6e8fe42d6c701e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a77328c44022353_0

Filesize
23KB

MD5
b726749a23ca330d867a29498d15dc23

SHA1
47071cd6f58696c402b2ee2409b1ef7fddd48608

SHA256
e172043a9293965a70d456b442c331c70f1c6263b9d3244477c77887ce08af13

SHA512
ab483467edbf62ef749d869c54335357c0dbdc140e245bdd1f03b36282332d0f16e1f9a82c2d621ceea97e25d83bbcf99fdec7a53cf1776328341ed3db135f8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9501205598d9a506_0

Filesize
54KB

MD5
15c82a210cb57ed18e90bf93822f45d8

SHA1
8abe20b30324b5eca2ca1886a7023219f25636c7

SHA256
a04b2eb3ec561f327d905c7481d6ffb55e76a00f1f91bb141ead423f036afebd

SHA512
4c34e094a0350e23cd6cf2a7dfe524c536345e52b3efe76c2acd5c088d92b2cfdec2336c96c14088703c9349ba79bc3774dd86d1b52ca220ff7620f418ed9592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9a6d1963d9316db9_0

Filesize
341KB

MD5
9f435723e492069f5b87b763bebdc7fe

SHA1
962ff7ea99448aef36f633b5b479c0d2c1207903

SHA256
c052502f8449d6c0ef4ecb6efceae73bcc20903d7d4d9053048794dfc2f37987

SHA512
cb80d2677fea09d28c218e3024e4fbd9b2e7ea7b0dcb7d2bba4b0ebf3d4545e8505532fdf58514800fd765dd86f196079ff7a6ef49c23f041db208ca26a004fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac29195a901ecf92_0

Filesize
278B

MD5
caf21b302722d08ccce647d14b528993

SHA1
724563af5f55f71c3d4bbc993f8734d2d27c954b

SHA256
1658b47a8e9099cc9b9c70593a171bd866dbedf1d80894b2ddaac364fd471bbf

SHA512
2914a2143dba3e70d13f79e889ecbe0de2cc42594efccc6fd85abe13f360c863795553205843a1e7d95692e01173ea496b804813acf42dcb3915a11df9d81d23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dd7d1bd103899406_0

Filesize
158KB

MD5
c1acf9df0c7a7a152bfaa0b0ab27f6a7

SHA1
309cc63009934dc0eb2ac518a1d810afdbb122d2

SHA256
c43a591826f6471aefbd2dabc577ceab12146c6190baaf39e4bc76d71c5238ca

SHA512
f4d2e48177ca83a7073eceb135ae27159ef93c6db1b55a944629b7281df80ef121dc300bf37141ee009994f94089fd03f654a29a947704ccc81a0e15d9807bd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ee1ca9dd9ff6a95e_0

Filesize
14KB

MD5
a73807272e4abb1fc3c9a3773480723d

SHA1
5b1b8b45a0acc974de27f88d356554cbcdba4181

SHA256
2b27699fd9281bd71bd5ea9b1d8bd7312842604b20525e00304c5e6eedab0f76

SHA512
0573d01c8b5986685da27aabc61d803a516a0dd3c895767e85dfd2bb6c88b4193af7b2d9da0b31dd7c573878506ccba8fabb4a3b02a0ecacaf2711d29bbfe572

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
4782f6d9df9713f317f184eac0ddc907

SHA1
0938fcfe87eead9ac17868872636af66c30228d3

SHA256
8f2518173641c2515d1098fd4b7fa6f59bfcdd6193fc20e12bf931a33d06bb45

SHA512
359a376cee044e49f0d44d342d5bd1d39f20adefd6f72b6dd66995e8657964b10d6404fe5395996ef6a41a5ec55474301cba830d42d4448ffdb6e785947cfbfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
92dde571ae996f045caf0c18bada0a83

SHA1
92a6582a7f058453de686b15a9912f1934288a70

SHA256
3f2d91c1505ca6e2eef2a3d5463b64fd5bc018540edd6880a765379b53462e51

SHA512
91179c7dda1e9097757179f7cea5b4da3cbda073bdb8d168be48e5c8bf1c1dc41124ab68b1d9583f8646aac140a2fd5bec443a2342527d1d12a1307e31b0a9e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2ea431a4932a61bc5a66bc9bac8c9b87

SHA1
a189bfa10185d7af641bc9008e21c6bb566405df

SHA256
eab822385ec5b5e8eb7e0cc594931c58273c104ea8cfe9d110b602ec2e731c21

SHA512
484a68d5b4f93a71d1541b15f7d46f3288c897f4c67996c09712a094a9ba339e19c8bee94a8ceb629e1a081e0e667de99371e8b352770849d99c9dd2f14d67c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
da7590a6f8336d91e5c5587dfcad8079

SHA1
14357808b18a1c7a0de58771e84549f343e49701

SHA256
7598f6e12239ce26d67a7a62fa990dbcb0295d5d869b296e659206df9cde3067

SHA512
fa3267cc450193dded11524a81ddc792db7514f48b39b8667f731af873f4a3aa9723d731abce8ea48c5ff1c10562fc11cdb2df9022fd6bba14c5e1e0aa8c0f2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ce9d8c57d631a0d661b3761faea32b79

SHA1
daceb8c35bfbf5cb36b08b148064c360adf3026e

SHA256
83e5a05a19d72d2b7c07b164d9cb72bc2ceebf36b80fe1940ac649ef6e5ca4e0

SHA512
70616f6549d3f5443485d977836c561cd2dba110f99f11ce7bde96bb5fd5e52a22ec94b238f9ab0d51a1953cd7d90dcda6d15b070465975bd38430f6574b6faa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3a4ccc08151cffb06ca2919b7450b427

SHA1
d9c647f61e03cf201fb9bca2d8e7ef24f0593259

SHA256
0187fbf12d2dc3685cc0d42a829e64e43610a44649c7d1b2cfbb806a952319f5

SHA512
d4d7621781a4749a84dd63a30e5e8ea444b8c7143e3e30e8f5e3b70bf2dae3b89a134f927192b4675c09a27c45c554e2fc349da878418b481938d39ad34a3228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7ef3b041c35c8200f9f7b4551b48caa5

SHA1
7c9014880c6607d7fffe721b6786b6198e567043

SHA256
aaabd36c0d0704c5561ef632293a59084c2eb999018d464b300e6e13fc7a9718

SHA512
3b5729d344e5beb73b01f5c661a312c69faedbdfdc266fc7b15d7f90357f026315d412bf8a936b2f8b64a5302bbf8c4133bd0150818358a503644238790b9534

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7f09768a27ff18bd909a974400ac145a

SHA1
cc5fe6e22ae6195ed8616c9b8b80c3700a99c286

SHA256
413f74b02952a76f015beaff2776221a31ea03d34e73eb393f5109310d052dba

SHA512
e8c0e2ded39e15f9c6f624b7fcd57ac0245cde5894765ac434d8279f923cece23357b197aed8dd3a2d9f4c6b437b374a8dd39494f001535818cd8a2ff5284be1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
756f5e031460316658b2a920a27aace5

SHA1
f3f840661f03863aac8ccfb262a400e880e7da10

SHA256
fd493c3811afebe3047ae4d5f6424496bc40446a3f997eb7cef8371d38067491

SHA512
a79c20e1e949ad79da63c60bf773240b83f076a2d48954ad2834e57ced30161360e8557f7a4a4a84485338973e9d887533994a6c9b9946718e83a1d904e3d9ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
36KB

MD5
43dcbc5ce0b072ad0a09803591a02f94

SHA1
eb4d75ffa1dbe57c7e14b7e173e991c84fe4696e

SHA256
eb474b31e0cf2fbff5d59e56dabfa20166b5d0bb603c26f7623f1f0ef1147e79

SHA512
a16e99403fc3d128e9eda63d14c2358f8a79ddf97bea27ac02b6335d1db642e6917a5f9aa9e811843cb2e1f447ee4a71f3773b1ede90f0f822b78af81be4c39d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
36KB

MD5
52fccf8f07c5031b53b8a2f0a1351ba5

SHA1
d794cdac43df0ff0eb54e70f561ec2b46f6a5310

SHA256
9d6ab386da7c77a3decf275dffcba71df2b9f9b1798d92f50c6bcdbfa1de621d

SHA512
a0bd565cdb558becec8aea9b8e901ddf2b050936df978f6b25398d08cf6fa269852a6d7a972bf1a6c8e2d597b55eea731eae98a142be4f2c12e6d7ad28915ede

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
156KB

MD5
1cb107e3e2a02978932507dcebb303ab

SHA1
d229575b8bfc959c0ca4d4700f247b9ac4fad63f

SHA256
eb1e885e77f4abb68f638f78e68bf2c15af1d8bf91a6de9414b147f9118cdc2c

SHA512
ef65e4538e0149cdff7496b41e660a1c2843d0d575fcda0d8194924e57a8570b71acf6840a67119b2d5af6f74b8660b5b638d336ae3ddcfb978d211674206e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
4KB

MD5
24f384ee01c00f87fa2a42288df4a7c6

SHA1
74e7af9ae7d37b02584edb679ed673bb1086f132

SHA256
76373e0b8e1079e0b8f8237037da6fa9a67a341c76ff86817f5597568c07e32c

SHA512
99a13a7a57991565f0b8e8fade07d042dbededbbc24c0e229404870f66bf0a5d9c93d278eb41280af16563f43a0793779f9895a4d6bd5ec8b5c78d1629447b0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
9216fccbeae96addd7b1b8c15af46d96

SHA1
24cb627e2662e7212b64d0daa11f462632464b31

SHA256
cf279e33640e6a19a880cd1652275e012f5aa63ecdadedecbc8fdcb2f36b71f0

SHA512
9d44c3b0d243b6044069fddb288c0223d695b07a2cce7550ebdb2ddaae136a3097fd426b9fb1d1cd75e867b4a2981585d7c07d9ab86d464067889cde1d05894b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
3da838ccc710d72f16abe788e4d7ade9

SHA1
a4b67206078863f7a4ac6eb7da62fa55d2ae9ecc

SHA256
0b0ebca3d00655b1c43ffc3c004b3463547801d7839e3dc57cca64622329e2a5

SHA512
79dc74850e153e0bae5ae7c91f5814cfbe231fdfc408e82e311b11c34f9a3b22501e8912973ce1fdc95264f9d0bcc36d936dc2770f6b372969ff9dc87c62c0f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
2a6924a2c07eddfa26a1a2875e3ac6f7

SHA1
a2bdd51690326568eca00ba15939d1a98b49068d

SHA256
e1a3a342cfde551e50e37e15483bf7064472fb86f2d9f5366171c629473d79c7

SHA512
5c56ff5ac7eafab0bd13ee62a77f1b600bffed7cdff7a296e632bdda129de56ab2ed32cc475170ca8ee8cf1e1a865738d383698a77b0d75c92d004afcfb1a439

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
45115ee41e8a3a6d814f5586b929cc28

SHA1
81ede6b8717b42acc44283c9c2fdf82d0a54cad0

SHA256
709b55ea954d36850838f63af51619895a70d8c83e21e3cd6bc0e8afda39d9d5

SHA512
351f350df552aba8d59b7ec0da909508dd5b23e81c3fd7ffe98b731469278a75bc8f68300938767be3eea5c48de59f2252853f7606291915e6612eeaa9e00512

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
173c865cb5b95cf4e818c0a65bb425ca

SHA1
94b74687ce3cc8591b68b7fb9404c70b17849d79

SHA256
c8d21d60183984a0cb6426770cb362c147a76b60540e80d5dffca2de2b66fbf2

SHA512
3423081d00bb9cce564a6a43dbdffdb6828b3e944654f4122a51e24e5552c55c55b8db25e6714b83ebd80ae601b5147991e6e27ef6e27b782a79b862adbb39db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
dc1980035f9c50a4b9b81198066811ff

SHA1
053b6681de10bf672abe6515acb733eefca7139f

SHA256
28913217155ad5c3dca5bf206509c8979dd33947ffd73225c8930cf72aa7181b

SHA512
ec8c1927be77a86b37beece682c546cc127622f6673a8c72c8807a14c3bf0e4940b2ccfba8276a671d96c7f6d12f85f7501c785ad19ddb94574ce8d766ce71ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
d79d123a31a766e2805c113646990e5a

SHA1
42f1e4b75dbd2471602f49ba6917e8d707247acb

SHA256
a3bfb4cd490e5858811b6cb79afae816ea8b73a4b73d5b69b77ca01cbbd41334

SHA512
5fa9fb69ed3db9a46fd884c624431c3f602708ee3f414937b9230605d14a7cfc2fb765528c0b761dd0c4ebab908b118d021840040d434df96e589d588b57d6fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
6c6a8d97d6f62dad1adea1f18407c824

SHA1
45d65f80597c44da851e6d1a782ec58229086fc3

SHA256
66c8f9401aca6d74388534a00799bcbd3840fe8ecf008922b620a0c2a7a57dcd

SHA512
20b9a2a5e7788feabe6bd0f9e68604850e728cbb5647884cf108435fef922e0071db127bb97cba22497fdbd9a7f2ed8968f627d5a8367c8c20ab8b7ae2dee20f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6615a71dbb62391b9bb22901f17e2138

SHA1
719455ef7777df2a69921773487aeea98fd8d722

SHA256
bd2554b4028abd2bcc95c26da8c82442a96e55eed0559385d686c8bbafc143c8

SHA512
6e172f9742fdafda567440ca574aa0e2d85d2ffa2a6652c36d9b220b40fb5039e3ee4308075a7a0ef73357d7ea63cd27f9726fc43277f6a8b453aeade4916408

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
923ff56fd5f2b6265f24ce83d893c831

SHA1
bb994d5b73205e4c2c75b2471c658c12c02eb3a1

SHA256
e31f216130f0d6ef92e05a37347eb82bf9c0675e9553d3a5b3a63e763c6d3843

SHA512
9c8bb5e36d6b68eb6068a054b5b8509a2b8d5b277d619ba635415b618481e5d560187f4c5b061add16bb23472cdfc28e9c2170841dd9fba7187aeef2135620b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d47e661791b1d5624b68d6de765e3200

SHA1
db25243f419296821ce0f593a913d04b44ca6332

SHA256
0d84165c6528622a3f9307e0187b6f35f41a2462d4958347d1f178b9c3595190

SHA512
7cd992978c38b53fbf49789b33c26e5ab58bf0c8d12f5c9981a4bcef8a032d53e2d7b5267109cad79d23563524844631dad2ae886ae3f3dcfc65d06b5a989bfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
bc74ce056acc7db7133ee57e8b5f7b43

SHA1
e2f174981bdfde7420df08362dee1a863b7a1431

SHA256
9950083cb81adfe67ef394da0d15a2cdbe1b34ac1dff5ad013db0c2e1449a774

SHA512
ca02d1d9d0d9c16d502ba427ed5d6139e608f0635baecfd64dc838956b8e5acc176b07b895d7da9c883dc89549745d18ca32ea034cb48dd1d3359c3af2e2263a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
dab61c2630467edbb7e4239017e241a3

SHA1
0342abd94145a8b32e567d9546a1e8f09d1ef972

SHA256
38b66f7ce3b4608898d600b6367f911a4b9c6bdb02b4997cbf4088a939dc4710

SHA512
c2338c9ca6f6913d461948ad367ca1a3cbd18ea670a34b27b4fc3f95a8d0b36ebfeb15c478adce2aba43149205f6adbd06faea4696f36ac3271f2c526bae19b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3f4b2118ec663abc395de0cf8855d17f

SHA1
ccab0fc218a34ba972befe090066eb0380e346b1

SHA256
883ea7a9cf503ffb6dbed841368815fbaf6e12c82924cd74dbd507589d14e018

SHA512
b95fcc10e8008aab53c4a767afb1738dd06c455df3a5dc491136e67b7e01a73e33ad83f9cd87aebffca8b21b9216b08d042ba18ff07fbb50b98e692c248dec38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c309031a56ecca66eb7b99d3b909c4e5

SHA1
93ad75552a914f7e9931155bbc02d27ff57d5c3a

SHA256
d9f4d1efeb8ad80cca7a15c6bcb614710301e66531644303370cec5e88928263

SHA512
45a11f2319f49b4fbc9abd3c45ead7e8d8876f54bff35925ac28532f043e63d7da15846c5eb9dc2bfe46436a738934b486a685e28887030a764a4aa078d490b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
22a821e3cfc56b676fc5b557b483bd7d

SHA1
a789658637ef4f96ee3e9078b13db8959f03b128

SHA256
5d33cb1d972d36341d2ab371b59d9f67a733ef8b6e374d38c621e463c7e8dcf4

SHA512
51584226c3d01522465ee468c18e54693c6bbef41b8ec993d1123cc5d72d561ceaf5f3180c2fd365118f2773ac856874ff5367bbec2d8c9995536be4ba9c6b1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c5e5f75f77cf932f48bd6e253cdf3075

SHA1
ccdcb688389ee621527f53c767acd37f4c2008d0

SHA256
1bfe6ceb13703cb7b5e07871cd0e52ccb9e14b2e4ce00fc63f24ff2601698dec

SHA512
506ec380ad060aa83aa36d18b33c2ab4fcf1a636cd94bd7ce1eec7ea4f7b1f0e3c5e39cb1bc126275d928205c1ef426ae82c77d67aebeeee24bac4eace206c81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
138e79ded4c7d0cf47f6284d71a8cc20

SHA1
dc7ff67a99d7a71f7e6f15799967aac60e70be0e

SHA256
f7a7c3a7a95fcff6c43b1d5c845cde2b6a116ea4b9a018d06bbd498ada8e3c7a

SHA512
8370ce5acf5494c21516f97ab49ff82bd7252c8a93f4ce684e732eb4c85c0fc4a3b417542c9f2f1fd24e420ea419b59d3b2bfe87bca2ef64a4d0f29898fcd4a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6bb55b28ca38035fc3a3d1190ec08a72

SHA1
e8705958f6c3b8a01a21cdcfdab4d552f0355756

SHA256
dff04a9630fd310ee9d66b4671b1b83c6cb40bdbc154760ebecb3d89fdeadae7

SHA512
73e0d4b90c3a800147088604248c715d3cb7bf7f27add1cbab7a8c8559a5e12d2fe631d414d8f19948ec3a67d8c66279389829f3dd516b86d351d7f300b65c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
12ae53d237ebc4ceb10a76dc71824661

SHA1
b173a7acc35d9ca37cdee9230ccd9f6854adcc5d

SHA256
fdc08795c2998412d3a282c87343ef45e5abe7d7cec458638baf1baaf9e41326

SHA512
cc1a88745ec61eda050290b2c1b614c55b8037c0c4aa80cf3fca775b8c1a7f8ea39f74d60f283961852e8c113885a0c459c188d269c03946a4a8cece8dd2fc56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7ea7a1214c987cea62ba8af32efc91da

SHA1
b1dfca75507d12c9a202c08170d2e08e35c95bc9

SHA256
eb1a6bae1e368479fd983f35282f6f24cab440b8b05fdada4ce156568333869e

SHA512
994ec32a28b051c5fe966203d034e29b3172c2675849b6f24ad282249a75a7d9784735c971e6ae9b3e481f6e7a2307b98f4dc6475c576dade1a988ac90ef40fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8f590c8227b547c6dc609b591445241a

SHA1
7cf7eb3358a0dc667a22f23025335a3354a546c5

SHA256
2c68f5463d67cc04c0ba65d486b2f573a6d54f497f831c3925a2ce0a0db30f7e

SHA512
4298602753770f8e8c1c4f1f9197bab8800220d46ea0df4bf4ec56c739aee1a952ebe67eaa106deac0bcfe3822621e030c0f1ba849e8f379b4589636ee6090bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
fb4df48d4c6f902a48234263720e948c

SHA1
5cd5bb085e2261db28e6586527f0320251e76627

SHA256
0fddfd25168e54c85db05d5e77d3a457e3d25c86e14b1e53483bd9388c6314ab

SHA512
473be6d9964dc3f5c26cd63475c0ec52164f3788bc33b946fb2ffa46ea45dfc8956db4de1097d4c48d119faa89623085a73065bda72b683dc3fe04eab5afe235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ffd8340510f83ba36c307fab9cb78fa5

SHA1
c278d458c67c512f865d480d96396b0b1974e4fc

SHA256
cb8478e681c6749b56ce947428148d333a9d7b196cc62bf393585de486865f52

SHA512
2efec0d6ef845ede757e042e8d53dc3ed874b25c929c064404e4634fab02c0459a918fa9b080d63d625928eee10daf00b7db1f180602dfc0f072a03952fe37ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c93b2b16c0e20bbe400b884c90cbd891

SHA1
33693650a7afe61761c3930ee29ed421113de5bc

SHA256
5b10eabaaba6636b79ec0bf5d5819d1fea4f4a662215901ca121f486e45a493e

SHA512
1dcd7b604bd77e353821ef99e014920bb4f94052aece47c412511ebd2841dac5ee78605bc78898973aa6850480d61460d449e237b8f6bde9be6fa56b3e13f1bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
02ef47d67c198b8f6565c10d51954fe9

SHA1
18b0cff4431b060dd419565378b41a1cdb08bfbb

SHA256
4ef097df39a49163f7d6d9cd7ee8f406d88bc8ed12d69979cb1ede02e7a36eac

SHA512
2387181d34c791897cb72a6fee5b1dfc5f1ac8f6fb572f4eee33b062df6ad5f92fe5a722e1b0fbed541c7f5032aeb1406f963c5ef9e75d00f24175c25d090a70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ea1304041d7ae3733deedd5901074457

SHA1
0b4104e0beda78a182adc894c29c564fefcb05e9

SHA256
f4c42a4b974cb6f2881b384fc977f6f97ad6d78556270934d513da0691a8540f

SHA512
4a932c8a4a45adbbc4aa4ab87626a95a775b89dab65d910e1240330fe8faea7fbc40fcb4e9b6b0b81618e123e541a1c2bda96b23e80b35b2c972983021be3a78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3739bbb057a9780bdab986b4e629a1d2

SHA1
1ae44eafa028863a8b7c4ff6b709be0b3252e603

SHA256
6086400ce28d58183805348539c94320ec78dda45e2d1828bf7a7f0df2a44a3a

SHA512
da2ffb6b6b7b6825e7ff8a8bb88139c9c07a6c590c8d811d35675d2c57e0aa46850420d2355b47068261e4d131c30ed3a81bf35c0ea13508a231fca25d88a778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9d4107ff19d8700ad62f581e3e6f5220

SHA1
131a63828259f2ec286aed3d6902337dbb5ed293

SHA256
9ea1f05e9d6c5cea540c13dad249bf30a5ac19085cc6b458dce80e63ff836657

SHA512
d6e2b80c8f67211cdc67e710db2833752ef49d7931df15cd1f4bec597b5da59c1fd8db46113ad91350e7c494db7540fca7772395a04a01d4a54e299da00115c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580d97.TMP

Filesize
1KB

MD5
ce75da49e523f855e1c093979375aabf

SHA1
0e64ebb6b782c418e0d9977ac4675577c38158a1

SHA256
7e9181af02727654e6af7e64b1eb42c24e3d62f9626e4a1ad2b8dd27ad808790

SHA512
98e8a8daf63254937d61eb6f8ec79b03aaa04c210f600af4a23453bce07162c76bd308b2b943553e8ceb24f7cf95764e86d3e9b263f1ac813208c05f910c7249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d5754cb30d7cdc29d05efbfef51d9071

SHA1
d9fc281a44ec888b5823d5cf2c755d2594cb5b16

SHA256
3e3836d4f13a91a4b530576b33bcaee1ded85dffe1d68b1e58a2d2f079e58581

SHA512
c9b3c4b99c0b63e7586442e292f7c89a5d3e4745ab100b953ca5f6e1f398bb8ec2c069c39e0a72b5d4aed4c70d2cd4dc4a1b0ce1b47965115a5abf0b48b182ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2eb96dd0eb3e86d926753442c2d09303

SHA1
b1af60915c28632ffd9cda5995a5c5448e84c399

SHA256
d83d828f26cba3679013d7dc3422d4ab12ec768db02ae7889a73f5d6e6cdfadd

SHA512
60ec55cb123e19f3ec46f68091927b0ffecc43345ff16a8e15cc019449fe1efd8f6eadea6a157d753d322c0a4cfcc325f90aeea298bc94ee42919b26d644ba2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a4d63cb336632c0a3997a59af7226af6

SHA1
ca01c78b9c6cd5154b29beecc2ca271f139695ca

SHA256
62bb627493bdfd499a1b60c1c76fd9e90f26039956a36b8dab26d4747a70cb7e

SHA512
7167fcbbcd0b59021868b382ea653f001e250eba3fbdbcd8e01363579b835954ccb7cb866ef96894a0d238c68b0f717da9dcb51123c20e9fc14b6c91b31c08fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b34fe0d36f6a7aa549547fb6a6168ffa

SHA1
39260253b7c4463a13ed68f36a627be1de97110e

SHA256
3891ba111ce05d9308be9aed4f7e77634ffbb546b49ad66e9ca8691eee8b440a

SHA512
45bf5867aec8f8a2ff7a6b92faf1a6682afa12eb68db11859ae31df15826552ac17cf85c51ca571b4927fb82488f603b86347561d9f52d18d511894cf6758eca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
78cc65632e74f69968f26bbcf60f56ea

SHA1
952258f43a1c0dacdb1e2704f0bda04b283a46e1

SHA256
b088ac9ed758ea9fc81f3dbcaa5a103acf0f52839b72782bb8f5f265bcc7aa08

SHA512
2e2bfd85a4d2fe93b1545124312c7c0242c1aefa7359f22ab967495dd7353968f5b31d977308715e713db7c97eed895f7103d4309a3cc3868aff6c5770f87211

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
637495d5a662f5c9a0bad222186c9ce2

SHA1
05e627ee5657cee8f0d3f7cbcc1da2c37ff3e685

SHA256
7ffe24788f3dbefec1447df58e49e171283a1c85aa87c37d4df06eff0d0ec71c

SHA512
54d9094a8c7e89483a744bc71ee7d5d9538478ff8e6f9c8f2c09106d35c0897bb89a765aafed3e032ea4cf6eaa654b3f0df5fb87fcf485168267d5b66e35f069

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f03a238e66f0c181cf2289e853b181fd

SHA1
d5a94040d91c52e718272e46a3b219ad3ca40b20

SHA256
2ac4d0ee3338f9b7430afb6daf4e4dcefaf2f57c92c03201bb3e956c21042f21

SHA512
556c66fd652ae44a03603c108ae90e1e383febe1d6ed11f738c6f15e4a63635f198bc95744e8b428603ba877786807c5ffc85567bdb285c6b3494c0ea51cfcce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a46a27ef8735e309889338c120cb1613

SHA1
bb2ecd16deac028b65c55e8c36c87e5828e2f76d

SHA256
ff26157f2ae1dc5fdca08acff0c55ed78a4b2ffdc980146699bb0a2bfb42e88e

SHA512
4d531a836270ba83863d95dbe48fc32e212a2ac6316e79b1dee1605c2497370578caa3227b5935cfa7c72fbc6b269b77a2672956969e6a8d42a2a9d719f30e1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c9e5a40666f02da127173fe7f793802c

SHA1
f473459e09216bbdc4840346d544ba9b40e4be95

SHA256
717a660475a36199f717dcc1cb6cdc69e3e9a52d867aa1c8b33752340e07615f

SHA512
2d7a6321de4fbc84761f52321d91adfad8c854458ca1c781d2513e86abda889513295c18d66f21ddd390c2eb0967a9ddf7b9348665c1b033eb2f2385c1c45f96

Download Submit
C:\Users\Admin\AppData\Local\Temp\NDF20C4.tmp

Filesize
3KB

MD5
33a8ab12d71313916bc59d0ad3f64301

SHA1
be919937916f703c67818369be560bdb0b33f886

SHA256
9616b50d73d21ee9f4121de04bf379810d5533a0fcf98e8c8192cf0002558524

SHA512
7acb3549e6fbf8a3f7b2402c2dbe788bbe856cf812411200de9113254a06b7c85e81c7e11c561cb186d83dd8f98b792b29bb29846eab85a8723dbb0383d172ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gxxlromp.x4q.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7EA4.tmp\NetworkConfiguration.cab

Filesize
1KB

MD5
c05ff7565bcbb2baaa2b279d7bdd4b02

SHA1
923d2630a48a63cb7b1d1b797c77734510683a1b

SHA256
861e4e47a9a4b36a72f04b3ec68d5aaf2b0ced0433ddac68a77b24916f16834e

SHA512
24daa9a525a5bc8a6b1d5b256e3b25026a1692e6b135ce01552f81c98cf8916929d5f21a3ad969686b736694a2cd71639db9c4ad9dcaefcd9548d2a8341154bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7EA4.tmp\NetworkConfiguration.ddf

Filesize
231B

MD5
00848049d4218c485d9e9d7a54aa3b5f

SHA1
d1d5f388221417985c365e8acaec127b971c40d0

SHA256
ffeafbb8e7163fd7ec9abc029076796c73cd7b4eddaeeda9ba394c547419769e

SHA512
3a4874a5289682e2b32108740feea586cb9ccdad9ca08bf30f67c9742370c081ad943ea714f08dbf722f9f98f3b0bb307619a8ba47f96b24301c68b0fd1086d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7EA4.tmp\ipconfig.all.txt

Filesize
1KB

MD5
a6681610c87d6541f534d47cdb9b6edd

SHA1
8074179fb0242ed745910216b35e831740daaa3d

SHA256
50df0e3e08fb3a7da02f3b065c6e04522ef325ac7804b41db3350c0e19a9c5c1

SHA512
a93bfe335a7f59652586d7ed3bc8977cedd0ba9a082ba578772589eb214ecc4e95ae29a723fef03a5b0a5a13245d7df6509aaca66598a94f15c44bd31ba3b168

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7EA4.tmp\route.print.txt

Filesize
4KB

MD5
daa4cdb2b111bf64f897c5d983e2ac05

SHA1
14d4191523f2975efa56dfc271c92d4378239891

SHA256
9e3e1150b275f118727ca2897d2a0f1934b4e786066b4e538f9abe9159792962

SHA512
84b2ab9029ce0f0a36167f58eca33e260b3e25e8d0b19ca639bf9ed50949770337f283813782ca259768069abf3e29f438b7f99fca8650354d2f0d5685eb652b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7EA4.tmp\setup.inf

Filesize
978B

MD5
9b3b0b30e967521d6aa2166c8970088b

SHA1
6f638d39fe3bc0582671d32ae1d5b6d916db3187

SHA256
96b7e19795ae2a4f6a5c2a7b01b78eed31bb320dd611814ea01443b53f55eaf4

SHA512
6a85dca5581601667888fa03d4395c867036f169aa3b19b675c662fd4fc8462c062f527201aa02e0401ad2ed1525be44a203ee8377f2f88de0fd8ec72906ee51

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7EA4.tmp\setup.rpt

Filesize
283B

MD5
2339a5277880f07857bee166fc7eac82

SHA1
db99549b8469c20a3f356de9856a078e6733d9ac

SHA256
7813cc2b7b37819e7ef3a8843efb46bec01971421cb8116bce3b6a880609b621

SHA512
26a00714eab412b6ab651a9cbdff71697c604baef9f48d071fbe1b914ef9ab98f6b58621bedf1b52fcd02bdd1c1cef19efbc21bcecc88f46381370bf0b0f6986

Download Submit
C:\Windows\TEMP\SDIAG_b47c1c90-184a-488d-9c77-d89195d11394\NetworkDiagnosticsTroubleshoot.ps1

Filesize
25KB

MD5
d0cfc204ca3968b891f7ce0dccfb2eda

SHA1
56dad1716554d8dc573d0ea391f808e7857b2206

SHA256
e3940266b4368c04333db89804246cb89bf2073626f22b8de72bea27c522282a

SHA512
4d2225b599ad8af8ba8516f12cfddca5ec0ce69c5c80b133a6a323e9aaf5e0312efbcfa54d2e4462a5095f9a7c42b9d5b39f3204e0be72c3b1992cf33b22087c

Download Submit
C:\Windows\TEMP\SDIAG_b47c1c90-184a-488d-9c77-d89195d11394\StartDPSService.ps1

Filesize
567B

MD5
a660422059d953c6d681b53a6977100e

SHA1
0c95dd05514d062354c0eecc9ae8d437123305bb

SHA256
d19677234127c38a52aec23686775a8eb3f4e3a406f4a11804d97602d6c31813

SHA512
26f8cf9ac95ff649ecc2ed349bc6c7c3a04b188594d5c3289af8f2768ab59672bc95ffefcc83ed3ffa44edd0afeb16a4c2490e633a89fce7965843674d94b523

Download Submit
C:\Windows\TEMP\SDIAG_b47c1c90-184a-488d-9c77-d89195d11394\UtilityFunctions.ps1

Filesize
53KB

MD5
c912faa190464ce7dec867464c35a8dc

SHA1
d1c6482dad37720db6bdc594c4757914d1b1dd70

SHA256
3891846307aa9e83bca66b13198455af72af45bf721a2fbd41840d47e2a91201

SHA512
5c34352d36459fd8fcda5b459a2e48601a033af31d802a90ed82c443a5a346b9480880d30c64db7ad0e4a8c35b98c98f69eceedad72f2a70d9c6cca74dce826a

Download Submit
C:\Windows\TEMP\SDIAG_b47c1c90-184a-488d-9c77-d89195d11394\UtilitySetConstants.ps1

Filesize
2KB

MD5
0c75ae5e75c3e181d13768909c8240ba

SHA1
288403fc4bedaacebccf4f74d3073f082ef70eb9

SHA256
de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

SHA512
8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

Download Submit
C:\Windows\TEMP\SDIAG_b47c1c90-184a-488d-9c77-d89195d11394\en-US\LocalizationData.psd1

Filesize
5KB

MD5
380768979618b7097b0476179ec494ed

SHA1
af2a03a17c546e4eeb896b230e4f2a52720545ab

SHA256
0637af30fc3b3544b1f516f6196a8f821ffbfa5d36d65a8798aeeadbf2e8a7c2

SHA512
b9ef59e9bfdbd49052a4e754ead8cd54b77e79cc428e7aee2b80055ff5f0b038584af519bd2d66258cf3c01f8cc71384f6959ee32111eac4399c47e1c2352302

Download Submit
C:\Windows\Temp\SDIAG_b47c1c90-184a-488d-9c77-d89195d11394\DiagPackage.dll

Filesize
478KB

MD5
580dc3658fa3fe42c41c99c52a9ce6b0

SHA1
3c4be12c6e3679a6c2267f88363bbd0e6e00cac5

SHA256
5b7aa413e4a64679c550c77e6599a1c940ee947cbdf77d310e142a07a237aad2

SHA512
68c52cd7b762b8f5d2f546092ed9c4316924fa04bd3ab748ab99541a8b4e7d9aec70acf5c9594d1457ad3a2f207d0c189ec58421d4352ddbc7eae453324d13f2

Download Submit
C:\Windows\Temp\SDIAG_b47c1c90-184a-488d-9c77-d89195d11394\en-US\DiagPackage.dll.mui

Filesize
17KB

MD5
44c4385447d4fa46b407fc47c8a467d0

SHA1
41e4e0e83b74943f5c41648f263b832419c05256

SHA256
8be175e8fbdae0dade54830fece6c6980d1345dbeb4a06c07f7efdb1152743f4

SHA512
191cd534e85323a4cd9649a1fc372312ed4a600f6252dffc4435793650f9dd40d0c0e615ba5eb9aa437a58af334146aac7c0ba08e0a1bf24ec4837a40f966005

Download Submit
C:\Windows\Temp\SDIAG_b47c1c90-184a-488d-9c77-d89195d11394\result\DE394C64-86E4-4C40-949B-9793F6844AD1.Diagnose.Admin.0.etl

Filesize
192KB

MD5
35ff8ed6ffd9574b9ac7eef816faf2e0

SHA1
5a0566f6cc7bae58cdcea020814e1e5ed775fd22

SHA256
60b1d07c2f81d67ec65d92351fae2d92abd7f2546ea064884f31c4684f797403

SHA512
a1bbd6e91b1d56802ce8c7c4330c27a2776c934a7ee2dbc8236df9f61a22d8a183e680c41cc7430ed4ffc89c1d63074b1ff11eed1867d35361a8ad7a8fa9c5c9

Download Submit
memory/524-791-0x0000016B1DB30000-0x0000016B1DB31000-memory.dmp

Filesize
4KB

Download
memory/1020-1451-0x000002C0BD250000-0x000002C0BD272000-memory.dmp

Filesize
136KB

Download
memory/1276-821-0x0000024BE4260000-0x0000024BE4261000-memory.dmp

Filesize
4KB

Download
memory/1288-823-0x0000000140000000-0x000000014013E000-memory.dmp

Filesize
1.2MB

Download
memory/1512-778-0x0000000140000000-0x000000014013E000-memory.dmp

Filesize
1.2MB

Download
memory/2316-1610-0x000002877E330000-0x000002877E331000-memory.dmp

Filesize
4KB

Download
memory/2316-1479-0x0000028778960000-0x0000028778970000-memory.dmp

Filesize
64KB

Download
memory/2316-1475-0x0000028778920000-0x0000028778930000-memory.dmp

Filesize
64KB

Download
memory/2316-1609-0x000002877E340000-0x000002877E341000-memory.dmp

Filesize
4KB

Download
memory/2316-1484-0x000002877E220000-0x000002877E221000-memory.dmp

Filesize
4KB

Download
memory/2316-1612-0x000002877E230000-0x000002877E231000-memory.dmp

Filesize
4KB

Download
memory/2316-1613-0x000002877E220000-0x000002877E221000-memory.dmp

Filesize
4KB

Download
memory/2316-1615-0x000002877E220000-0x000002877E221000-memory.dmp

Filesize
4KB

Download
memory/2316-1618-0x0000028778D70000-0x0000028778D71000-memory.dmp

Filesize
4KB

Download
memory/5552-664-0x0000000140000000-0x000000014013E000-memory.dmp

Filesize
1.2MB

Download
memory/5552-665-0x0000000140000000-0x000000014013E000-memory.dmp

Filesize
1.2MB

Download
memory/5760-678-0x0000000140000000-0x000000014013E000-memory.dmp

Filesize
1.2MB

Download