hxxps://drive[.]google[.]com/drive/folders/1rvc8Bio0GmdIf-w4iIdEmqnli0HHM6nS

Analysis

max time kernel
264s
max time network
265s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-11-2024 19:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1rvc8Bio0GmdIf-w4iIdEmqnli0HHM6nS

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
9	drive.google.com

Drops file in System32 directory 11 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	mspaint.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 830947.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
556	msedge.exe
556	msedge.exe
1584	msedge.exe
1584	msedge.exe
3876	identity_helper.exe
3876	identity_helper.exe
4316	msedge.exe
4316	msedge.exe
4500	mspaint.exe
4500	mspaint.exe
4812	mspaint.exe
4812	mspaint.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3484	mspaint.exe
3484	mspaint.exe
3380	mspaint.exe
3380	mspaint.exe
1312	mspaint.exe
1312	mspaint.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
1140	OpenWith.exe
116	OpenWith.exe
4692	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
4500	mspaint.exe
1140	OpenWith.exe
4812	mspaint.exe
116	OpenWith.exe
3484	mspaint.exe
4692	OpenWith.exe
3380	mspaint.exe
3380	mspaint.exe
3380	mspaint.exe
3380	mspaint.exe
1312	mspaint.exe
3552	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1584 wrote to memory of 1752	1584	msedge.exe	83
PID 1584 wrote to memory of 1752	1584	msedge.exe	83
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 2592	1584	msedge.exe	84
PID 1584 wrote to memory of 556	1584	msedge.exe	85
PID 1584 wrote to memory of 556	1584	msedge.exe	85
PID 1584 wrote to memory of 4308	1584	msedge.exe	86
PID 1584 wrote to memory of 4308	1584	msedge.exe	86
PID 1584 wrote to memory of 4308	1584	msedge.exe	86
PID 1584 wrote to memory of 4308	1584	msedge.exe	86
PID 1584 wrote to memory of 4308	1584	msedge.exe	86
PID 1584 wrote to memory of 4308	1584	msedge.exe	86
PID 1584 wrote to memory of 4308	1584	msedge.exe	86
PID 1584 wrote to memory of 4308	1584	msedge.exe	86
PID 1584 wrote to memory of 4308	1584	msedge.exe	86
PID 1584 wrote to memory of 4308	1584	msedge.exe	86
PID 1584 wrote to memory of 4308	1584	msedge.exe	86
PID 1584 wrote to memory of 4308	1584	msedge.exe	86
PID 1584 wrote to memory of 4308	1584	msedge.exe	86
PID 1584 wrote to memory of 4308	1584	msedge.exe	86
PID 1584 wrote to memory of 4308	1584	msedge.exe	86
PID 1584 wrote to memory of 4308	1584	msedge.exe	86
PID 1584 wrote to memory of 4308	1584	msedge.exe	86
PID 1584 wrote to memory of 4308	1584	msedge.exe	86
PID 1584 wrote to memory of 4308	1584	msedge.exe	86
PID 1584 wrote to memory of 4308	1584	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1rvc8Bio0GmdIf-w4iIdEmqnli0HHM6nS
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad17946f8,0x7ffad1794708,0x7ffad1794718
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,10532309118095595617,17392749560836545547,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,10532309118095595617,17392749560836545547,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,10532309118095595617,17392749560836545547,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10532309118095595617,17392749560836545547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10532309118095595617,17392749560836545547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10532309118095595617,17392749560836545547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,10532309118095595617,17392749560836545547,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,10532309118095595617,17392749560836545547,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1992,10532309118095595617,17392749560836545547,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10532309118095595617,17392749560836545547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10532309118095595617,17392749560836545547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10532309118095595617,17392749560836545547,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10532309118095595617,17392749560836545547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10532309118095595617,17392749560836545547,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1992,10532309118095595617,17392749560836545547,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10532309118095595617,17392749560836545547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10532309118095595617,17392749560836545547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10532309118095595617,17392749560836545547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,10532309118095595617,17392749560836545547,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4136 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10532309118095595617,17392749560836545547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10532309118095595617,17392749560836545547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10532309118095595617,17392749560836545547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10532309118095595617,17392749560836545547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1992,10532309118095595617,17392749560836545547,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6544 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10532309118095595617,17392749560836545547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10532309118095595617,17392749560836545547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10532309118095595617,17392749560836545547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:1008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4772

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1060

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\realSR\realSR\x2\patch3.png" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4500

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:1244

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1140

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\realSR\realSR\x2\patch3.png" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4812

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:116

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\realSR\realSR\x2\patch14.png" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3484

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4692

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Pictures\MountEnter.bmp"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3380

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:4544

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Pictures\My Wallpaper.jpg" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1312

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
33KB

MD5
8d3c9ad0d2da7700f9f4025d78a020af

SHA1
850f31105791ca8120baf53e0c6e2407c2e46f92

SHA256
64bcc7f9c6d4b9ce6c38ecf0400da133c58afa82fc8c24ed1f87f27d7f215e26

SHA512
7ea30fb996929aa21a045b468bb098be755ba348b9339a82ca4b80644a002cc79015b4e664969458d03d936c692e0407520387e10a3d9d5bbd7cdd92986d895e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
1c68da917c325aaf3d95c3accc2b3d61

SHA1
0383d1f8ba63e1a1a4d1fdaca98121955c36ffb4

SHA256
a9ca0af527c60eed9d3bcde2ed64c0e276abe429bceba9d57704af23034775e8

SHA512
0f3cb68f8398717ce5575b91d1ce01181ea0acae5deda5956a0cc1ca951ff598f45dee7e1764254ac79d050d342f413f639470f8e54e8c117e636253cce6c3bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
24b0b06e2c5a85599de08a3b14ca3aa6

SHA1
e047a6d7800f54bd816c82bba5cfd3ba94017797

SHA256
b15c822f30e92b1cb8a0fb43b304badcf1365fea58ec3413ca363bd595aef9d7

SHA512
c20fd2ac5a54f3d2d9e9374f0249a2a060a1699539bb9dea8608b0f22e1242234e92bf90bea33810f40f8d92ed60fa48e897160a9bb1cebf569b1e8da9378065

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6d649e9600db9164f9c522c1b4ad4350

SHA1
787331089139a642a27da3f2cc6aa36de6b66f80

SHA256
8234fd14536acecb258ff952753d2fd00011304bd55073328a98a59f7c8d8c16

SHA512
60ba14d86c08416ca44a97a50cda3f4a53e6412425a1719ddcc1cd07aba9d16e87ce7666843d4a68342f4044063f7eac1df0ce250f7a75de7cf79f6a35732678

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
61d3ba64f02c547ea59ce6e02d19610f

SHA1
47faf789f67982e06bc41925221f554c9a6d5ed2

SHA256
4d50d600eb81d7c85e7f8174f53db4b3ff40eb94f9e867a9c5671e4359deebe8

SHA512
38b1453d12ada5284f492fe6040d2c413a320ff22e81c99e631a5bc1cb88600bf9593b5ffeb9058341909343807580fbee87e518b63b376be12e5b308de126b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
448f4ab0ee861e7eb265e09eaf15150f

SHA1
c345ac90bbad4b477229f4aa13494b0e64d49ef5

SHA256
e33ee1923483dd26d1d4427c324d8da8bd2cd1d72a9cdc8feb76f7029664f332

SHA512
37c3f8e47b19b570752c47119e0bb51e770f5658330258d1f4b566b0aa70e8b3818e96bae80067715b3023ce6d59b01229feeeeae124ae785b514d4ce6411d8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
1b6a46fc40e23808815679d5830aa4a6

SHA1
0c13a567ae8295818965a4a09b9c63c8e7cbfd9e

SHA256
9d86d9435062e6af54dfb5aa831fed7fca16aac1f840bf7187c625751c4619f8

SHA512
c84a5ad5f4b06641529c0f0d9a43e04b5244fd1ffb445b834d878d7ffe42c9b96d50a48dbdfaae5b141c462af8260036028a092cf1758064091d3bd070d9f168

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
50333260aca1138b62fea52b59a27912

SHA1
f61a1238a931088ee500459405b36397795a5b53

SHA256
8be18b283d701867d71714918321f4615af3cb40cecc5fee5e2fd28a5c500a21

SHA512
4ef9b18afda0e24f87b4a57a0b2e8ec42c7f4eacee92678263573362b50043ecc5b5e54c8e35dd7cfa384edc59efd79920fb27e2ab74cc05b9a72b2e3a13f99b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
7f498e0ce794ac94136be54503e8e24b

SHA1
082dd37bfffd69f950a05f83d1ca2508b8e88813

SHA256
b5edf2b74ddd43b32aca3fea791fd970d8fbd6236a5df60c6aeb4625b8bc6133

SHA512
af046da3b28673f4782fce4319428c9213ab33230cf1f15a25e18924827e9c7960d281c309cb8b878bb1748768271131940fe10e9e9ba7888a3ff9344e2a2091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
4a54bef9e9a26200ee9ea9aa1574c1aa

SHA1
cd97a116af8f258ab18da85636c673961bbafbd1

SHA256
758b868371945ebdb6d0fb7ead72dc53e4a96754989884fa753212969c78d567

SHA512
0d18d3f44c925ec7bf29820f161ef6cb4374aeaaf78724684c0603ed61fb5065934950146c4cf0170bc6e85d7afa1e72627a59f6c88df89cd2e46f160eeeb7d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dda02d5d4e35d19b20b4e6b599191e90

SHA1
d69b5701defceed38c761214cc1bf1d16b5d2482

SHA256
a7ca8a2cc195878065705ef5f1ceb0f9d85dcc925d117f63dcd1838fdf89ef36

SHA512
cbe1328f018be2794626c849bc812242835e4e6c5a2c425e248f32842a10067126e1ec4a22a0074b7c0834b4972ddfafe5b5eb45ecf7cb463291d649ef3e2c20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
85e34f8961d2e131920f110c9a376f35

SHA1
1319900066430e50a1d2a426c4d4c977b6654eb0

SHA256
87099da9e28661a56471fa1f50e778a1832913e5a208d36839ab3d358065ff1c

SHA512
97ea5ddb763066ab766fc56e9a9845ab0434108ea73c22f55f7f3ace4055572e7f4379fef188e4050b5c584161ac60ecb6afc2658c5a2aa153550b11290e12c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ea52c68b3abd4d6e7f86fa8a13b01438

SHA1
a2687c63c9c631e1115bb147923aab6a9a5cccf3

SHA256
bd6be7d50cebfc28eb499a1f876fc5cafb84f966c5f56725d16025cb469a9933

SHA512
994fd146cbe93839d6e8a9da629d61b15f2632f6e7bb55eb65bbd3a1d8d30a164cb982d3b03f9c6f47316e8ff9d884321cf524afb03a35ecc4920d14c525c4ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b915882959a5aa38c3cd0f1667a6aa73

SHA1
53c2e8fdb6a17c254f82943ad1b68e663aaa42a7

SHA256
89d514da3d6cb69b7536e1385959a9507b5853c05a8db156e71072668e45db05

SHA512
c1cbe6a083de7533131bf87ee59edc49c72d587d48cf70345b49dabbd35f0dc2574e039d247f5a9faed46006dd90fef9a9cd4776da4e8aebf1a069bf288f3f47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
be589165eed250f35014802890d040b1

SHA1
777923e229763d3347f061450a73a9843dec55e5

SHA256
bd73fd652c8b151985086bd1c099617ee104d80004244a814719d11071984ff1

SHA512
3fba023897db272fae6c45c39af4ab5f6b244379b5cbc0d39f220bed3848ccd23a59218ca026c50fa9dcd9139aac1d041e0470b4008f4ef5f04cb0763e6001a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
179413b48b52b3741895412c8160f85f

SHA1
e2d1fc4df64e118b3daa435867b1bdddee3013e9

SHA256
fcb44f4b3d948d50f6062a6b7230f0bffb6e9efdcf1369bb0973c7868a0b227b

SHA512
8cfc7d9325bc46db5260a1a8045cc177400e6a57f8751e4c9c08781cf207025ccf939390bebb14858764d480760591c55640388794c42a06b08fa682464555bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
72B

MD5
98dbf9a0a3885dc3ba8e55d92936bfca

SHA1
d0823ebbb299f6acfdf64d2c81fdb7ca89234225

SHA256
6a94598e9a01b80614c8cfe0731a9e0668fa22e071dcafdda9517b1a4d17cf98

SHA512
0ac437f24c8b76c189109b319efcbe20537bd8af85a807d7f9046798478f814430d1bea86031e6e595984e4e479bde0cb0e38b0f8ae06a92a929779bc5a665f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59fb00.TMP

Filesize
48B

MD5
73a552f4a023f04e14476250eba6a854

SHA1
79e02c8868987367752d212e3e7de7f7325e5855

SHA256
2225537a9903d47c81851018a0deadaf5b26d228d98ea422d582473ce2f2c4cc

SHA512
046e4464270c3f82d6d5c43dd93a9c4b110a4fd6c1cde9383ffebc5d16b3ab171f3a6c95d32916990234a7253a296895f0a44782c3678091aaa3779390ce9c6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9134f92ee211a3d10ad9a1d39cb40a90

SHA1
28f2277e2a9ff9500f5fb6ed1dee0fe69c2c7881

SHA256
a774d3ced7c05a8a857a4d811f88277e38fb851d2014bdd8b4b52814342cdfad

SHA512
79e7295817e5ba2ed9f6377b7e785c5e1d6f52942026e10093b6d8369e3ce9ef7ef220f2c5a1345f71316d13b16a6382786261f04017b52d6ec378092cda246f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
76f443147acb5aa9a4ee5ea334edf44c

SHA1
ec8f04a04c8562f128e2209bb8bddeae011f7db1

SHA256
fc1a20f1cd459a711d23736f346939f14015c1399c455bc1aecdbdedd914fe33

SHA512
234fb7a90c5ab6c3d873e6b46b0a19315364179d212c2061ac329750b48caddc4a708500b2d40f57a027d9b7eb2cbee87e28cb0febbc18fc47712bce28471a83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bcf2e5fe7d6394c6c30b74da7955f472

SHA1
db9561c89dc3ce5a811c7637a72b2d573badc1e9

SHA256
a0cb24a278e450649bf98775664e84434cec654acdd7af436dda16362ec3a1f5

SHA512
eb7426c876b0c60d139222b841108af513d0bd4ec8d7994eda350db75282bc645d94ffdf94a3abbdcc19fcc977d61837601d211cee272609d7f1ba7d8ff8233a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
59b18621a9b9c18c536b230ab2793f1c

SHA1
8857b0af21e519ce786e44665e3c82bfe30df126

SHA256
cf59e619405bf45e46f85db93e0ee76888e003c088b58f80bd627c53a11f0b40

SHA512
0bfb3429c5731a2ee7a721082d92645dc1410304a852ec0604a36dddbcd818409f80b934d24d62fe06338817ab6b5934e3e344aba4aaedb68600d909108e0e48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ccc1.TMP

Filesize
1KB

MD5
b42387482210ade296a63811f9b6c904

SHA1
6dfe12fa89e04f977c5bb52cfedb181ce65186eb

SHA256
7e9d662c6ebd0a475cb514e06fcea0147351ea026bcf6ca5e19b5b38042d6cd4

SHA512
af495d99f12cb69e2aaa30308c88278980f262dc72c4f765cf21d9b29903f7dac6a9a4145d5f7c063ec84c2cb71d795d359152af8e0613bd85d5cdc2299641d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d3fb0cf64930b76d36277d5e39d16d3f

SHA1
a09936286ba83895edb4f0b258107497b4c59799

SHA256
fc4924a6be2869a6875c1fbbf28e3f92f2a89c372d817296539e87c5fa68ebbe

SHA512
8afc1a638324d58ce512fe901df7e8f01a0b893e9bf772ca1f532ed1320356ac70658dfdcd4c0c86991d726c982ca5178d6b058673fead8c83c2da38a7bae207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5f4cf9cc59814e8e53932d72f1368657

SHA1
a1f6f97ac806116432be2d4addb45210f829d8b0

SHA256
68bcaa5a182f00357e4fe4910a2b4a1cb630c11be2ef44ce87a2e5c6812d21fa

SHA512
4646bd97a730010cd6386b0da78e5829342724bd631398e06e5951fda5e9dd8f16460ec2397b4b92dbf78bac3f9b806b139b3c3427b8c2e32e51753737de3705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d8a25d7aa2075ce40f4fe4660e85082f

SHA1
81186bb4754cd5954e18d682ea170b78ab3bf184

SHA256
9a1ad2f076a70cbbd2dacfe88e98e8404ef5fd39c97f3fd661fae546d92b6d4d

SHA512
bb4a4ac9c86c6ba550d9dbb6b09fa1243f4f8587f1e7eb17c1b7df469c7f57adf98c6ed6ee6472f72d7a397aa42630c8f911c8380d321a83d513f7643bc26dcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c3a7a92faece08b45737ba7c55db5fcc

SHA1
1efa90e300c9cefe02cea66bd6648010d120eb6c

SHA256
18bf864f52475012160482fb35f267a02d1dc13517b1c6829c94d3c65d8ce2b0

SHA512
169ef8950f983db1306a5a1dc267513779c9d7f7085993980295d26ab823b8a7552e80a69d3c29a1e92e4ab66ab56df10a2e683bbdd88042f7f055fb4db0a2ac

Download Submit
memory/1244-284-0x00000188412D0000-0x00000188412D1000-memory.dmp

Filesize
4KB

Download
memory/1244-283-0x00000188412D0000-0x00000188412D1000-memory.dmp

Filesize
4KB

Download
memory/1244-281-0x00000188412C0000-0x00000188412C1000-memory.dmp

Filesize
4KB

Download
memory/1244-282-0x00000188412C0000-0x00000188412C1000-memory.dmp

Filesize
4KB

Download
memory/1244-280-0x0000018841230000-0x0000018841231000-memory.dmp

Filesize
4KB

Download
memory/1244-278-0x0000018841230000-0x0000018841231000-memory.dmp

Filesize
4KB

Download
memory/1244-276-0x00000188411B0000-0x00000188411B1000-memory.dmp

Filesize
4KB

Download
memory/1244-265-0x0000018838530000-0x0000018838540000-memory.dmp

Filesize
64KB

Download
memory/1244-270-0x0000018838580000-0x0000018838590000-memory.dmp

Filesize
64KB

Download