hxxps://drive[.]google[.]com/file/d/1adfIUqwX3cVtoP7AfeD2O5HOBi2rGsQQ/view?usp=drive_link

Analysis

max time kernel
566s
max time network
567s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
12-11-2024 22:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1adfIUqwX3cVtoP7AfeD2O5HOBi2rGsQQ/view?usp=drive_link

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
2092	Set-up.exe
2080	Set-up.exe
592	Set-up.exe
3448	Set-up.exe
4676	Set-up.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
3	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 12 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 7 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Set-up.exe = "11001"	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Set-up.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Set-up.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Set-up.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Adobe photoshop 2021.7z:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
704	msedge.exe
704	msedge.exe
3888	msedge.exe
3888	msedge.exe
1660	msedge.exe
1660	msedge.exe
4936	identity_helper.exe
4936	identity_helper.exe
2364	msedge.exe
2364	msedge.exe
2160	msedge.exe
2160	msedge.exe
4908	msedge.exe
4908	msedge.exe
3976	identity_helper.exe
3976	identity_helper.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3324	msedge.exe
3324	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4788	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	1860	7zG.exe
Token: 35	1860	7zG.exe
Token: SeSecurityPrivilege	1860	7zG.exe
Token: SeSecurityPrivilege	1860	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
4788	OpenWith.exe
4788	OpenWith.exe
4788	OpenWith.exe
4788	OpenWith.exe
4788	OpenWith.exe
4788	OpenWith.exe
4788	OpenWith.exe
4908	AcroRd32.exe
4908	AcroRd32.exe
4908	AcroRd32.exe
4908	AcroRd32.exe
1836	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3888 wrote to memory of 4756	3888	msedge.exe	79
PID 3888 wrote to memory of 4756	3888	msedge.exe	79
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 4184	3888	msedge.exe	81
PID 3888 wrote to memory of 704	3888	msedge.exe	82
PID 3888 wrote to memory of 704	3888	msedge.exe	82
PID 3888 wrote to memory of 1084	3888	msedge.exe	83
PID 3888 wrote to memory of 1084	3888	msedge.exe	83
PID 3888 wrote to memory of 1084	3888	msedge.exe	83
PID 3888 wrote to memory of 1084	3888	msedge.exe	83
PID 3888 wrote to memory of 1084	3888	msedge.exe	83
PID 3888 wrote to memory of 1084	3888	msedge.exe	83
PID 3888 wrote to memory of 1084	3888	msedge.exe	83
PID 3888 wrote to memory of 1084	3888	msedge.exe	83
PID 3888 wrote to memory of 1084	3888	msedge.exe	83
PID 3888 wrote to memory of 1084	3888	msedge.exe	83
PID 3888 wrote to memory of 1084	3888	msedge.exe	83
PID 3888 wrote to memory of 1084	3888	msedge.exe	83
PID 3888 wrote to memory of 1084	3888	msedge.exe	83
PID 3888 wrote to memory of 1084	3888	msedge.exe	83
PID 3888 wrote to memory of 1084	3888	msedge.exe	83
PID 3888 wrote to memory of 1084	3888	msedge.exe	83
PID 3888 wrote to memory of 1084	3888	msedge.exe	83
PID 3888 wrote to memory of 1084	3888	msedge.exe	83
PID 3888 wrote to memory of 1084	3888	msedge.exe	83
PID 3888 wrote to memory of 1084	3888	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1adfIUqwX3cVtoP7AfeD2O5HOBi2rGsQQ/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff70663cb8,0x7fff70663cc8,0x7fff70663cd8
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1696,224612441754953714,1930545905258803513,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1696,224612441754953714,1930545905258803513,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1696,224612441754953714,1930545905258803513,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1696,224612441754953714,1930545905258803513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1696,224612441754953714,1930545905258803513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1696,224612441754953714,1930545905258803513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1696,224612441754953714,1930545905258803513,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1696,224612441754953714,1930545905258803513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1696,224612441754953714,1930545905258803513,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1696,224612441754953714,1930545905258803513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1696,224612441754953714,1930545905258803513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1696,224612441754953714,1930545905258803513,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1696,224612441754953714,1930545905258803513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1696,224612441754953714,1930545905258803513,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1696,224612441754953714,1930545905258803513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1696,224612441754953714,1930545905258803513,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1696,224612441754953714,1930545905258803513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1696,224612441754953714,1930545905258803513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of SendNotifyMessage
  PID:2160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7fff70663cb8,0x7fff70663cc8,0x7fff70663cd8
    3⤵
    PID:3864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,488976463518104192,14117825348140878859,131072 --enable-features=ParallelDownloading --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
    3⤵
    PID:1560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,488976463518104192,14117825348140878859,131072 --enable-features=ParallelDownloading --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,488976463518104192,14117825348140878859,131072 --enable-features=ParallelDownloading --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2476 /prefetch:8
    3⤵
    PID:1756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,488976463518104192,14117825348140878859,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
    3⤵
    PID:2196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,488976463518104192,14117825348140878859,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
    3⤵
    PID:420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,488976463518104192,14117825348140878859,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
    3⤵
    PID:2756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,488976463518104192,14117825348140878859,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
    3⤵
    PID:1796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,488976463518104192,14117825348140878859,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:1
    3⤵
    PID:1620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,488976463518104192,14117825348140878859,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
    3⤵
    PID:1148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,488976463518104192,14117825348140878859,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
    3⤵
    PID:2600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,488976463518104192,14117825348140878859,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
    3⤵
    PID:2028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,488976463518104192,14117825348140878859,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
    3⤵
    PID:3096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,488976463518104192,14117825348140878859,131072 --enable-features=ParallelDownloading --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6288 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4908
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,488976463518104192,14117825348140878859,131072 --enable-features=ParallelDownloading --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6988 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,488976463518104192,14117825348140878859,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
    3⤵
    PID:4628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,488976463518104192,14117825348140878859,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
    3⤵
    PID:3144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,488976463518104192,14117825348140878859,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    3⤵
    PID:2976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,488976463518104192,14117825348140878859,131072 --enable-features=ParallelDownloading --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4008 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,488976463518104192,14117825348140878859,131072 --enable-features=ParallelDownloading --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
    3⤵
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
    PID:3324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,488976463518104192,14117825348140878859,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:1
    3⤵
    PID:1108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,488976463518104192,14117825348140878859,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
    3⤵
    PID:740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,488976463518104192,14117825348140878859,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
    3⤵
    PID:404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,488976463518104192,14117825348140878859,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
    3⤵
    PID:824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,488976463518104192,14117825348140878859,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
    3⤵
    PID:3264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,488976463518104192,14117825348140878859,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
    3⤵
    PID:4992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1920,488976463518104192,14117825348140878859,131072 --enable-features=ParallelDownloading --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5168 /prefetch:8
    3⤵
    PID:3508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4192

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2080

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap25634:100:7zEvent4695
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1860

C:\Users\Admin\Desktop\Set-up.exe
"C:\Users\Admin\Desktop\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies system certificate store
PID:2092

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4788
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Adobe photoshop cc19\resources\AdobePIM.dll"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4908
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1160
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9A4EFB2F151F0DEACCFF3CA58F70B49F --mojo-platform-channel-handle=1768 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:2520
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=ACDF8CD305D037D46B0337D955225DEF --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=ACDF8CD305D037D46B0337D955225DEF --renderer-client-id=2 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:900
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F3F26B92347A2DED1CD5C9A32AAA7A64 --mojo-platform-channel-handle=2320 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:2524
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E4EB9F5EBBA74F26629BF516A10098B7 --mojo-platform-channel-handle=2436 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:4636
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5893081DDF246AA6FBEF0ADBDF4C27CD --mojo-platform-channel-handle=2416 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:4280

C:\Users\Admin\Desktop\Set-up.exe
"C:\Users\Admin\Desktop\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
PID:2080

C:\Users\Admin\Desktop\Set-up.exe
"C:\Users\Admin\Desktop\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
PID:592

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1836

C:\Users\Admin\Desktop\Set-up.exe
"C:\Users\Admin\Desktop\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
PID:3448

C:\Users\Admin\Desktop\Set-up.exe
"C:\Users\Admin\Desktop\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
PID:4676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1

Filesize
264KB

MD5
b632d85457190d8ae3cbbe9f5d5b82d5

SHA1
5828ae7d2ea972105c23413f72e863f1b3b2a199

SHA256
5286a678d0b706155b2f18e048b9977b2d287d53610ec2929438ad1d1195a51e

SHA512
dab7900b3a043a3f80f2dedc0a1f3b54af5e5e1a5f689094ec754d4b14bf3b99d8d2fb338fc27390bf5d7ae3ebc83d85b043b1193fea7e703a2ff7eb207fb6f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1544690d41d950f9c1358068301cfb5

SHA1
ae3ff81363fcbe33c419e49cabef61fb6837bffa

SHA256
53d69c9cc3c8aaf2c8b58ea6a2aa47c49c9ec11167dd9414cd9f4192f9978724

SHA512
1e4f1fe2877f4f947d33490e65898752488e48de34d61e197e4448127d6b1926888de80b62349d5a88b96140eed0a5b952ef4dd7ca318689f76e12630c9029da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a50dd3c3297300e953e05fac805df7ff

SHA1
b3ebf0968949aeda0e8ce60db734e66e13052dc7

SHA256
f947cafce480f6d61d031ebabd0302a968f80b4216640c58c582b03ed8e04911

SHA512
23f8e345ce12454b438ae84059de1f2945222977e7056467c749a56768a0ec70c9d4e184a789bc3fe162a903a5cc2f686f5684e442c854a80643ab4534ff338b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9314124f4f0ad9f845a0d7906fd8dfd8

SHA1
0d4f67fb1a11453551514f230941bdd7ef95693c

SHA256
cbd58fa358e4b1851c3da2d279023c29eba66fb4d438c6e87e7ce5169ffb910e

SHA512
87b9060ca4942974bd8f95b8998df7b2702a3f4aba88c53b2e3423a532a75407070368f813a5bbc0251864b4eae47e015274a839999514386d23c8a526d05d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
0e6a64ba66e68050291da2b5f34210fd

SHA1
f1b103a68c43a38e0fc8103d3f9c2c73ccb627b3

SHA256
0bf788585c7a4814e806bc7e188d7a25f0b2d36bd52590ee2100348e5267275a

SHA512
d56490509007a379752b2653847822eac33afe81c2f2a0efc3195762da852cb3909c434652a56c7af43043b3da676ca3f994916ddefa71d4a123ce3fcd72a9fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
d900afd57d5528362f78777234aa4f5b

SHA1
7fcfa64e6afa4794b7242cdcb63297da97fa9b5d

SHA256
3d84f3d9a26d6343fe27d6016f2545275ba5cf7b97a8da57c52e1441d9fc664d

SHA512
05b1b095e601077b60f568f42e71aa7daa90010a2d161177ea2ec030973467d26ba5c4aeb4e7241d342646843d8c33ef4b837275f0b85da1e43562f16bc08e19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
d89f787bd1c44b74380751104e9a7a90

SHA1
f2c3d031f3e839e301c29b81d69f176409a2e532

SHA256
147b3ecbbc0020ba6e229bee017eced89be2fe57a68a9061345fa10ddbff1ad9

SHA512
2c14fd6c2c21c30dd1e8c6b2b2d84254fe541533cbc10ec8713c9dc0064840eba28ef455aee52f3518746832ebb899429d073c22534ddaeb60a94b62b4aa3503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
aadf728fa0f35a29be9c37e45beb0cf9

SHA1
6c52cd40c5ced11885ce48a8e97d735441734364

SHA256
ed704eeb150fe1d35539294e0be089e0da3040e1dc6739e33457540cbb437464

SHA512
83870ba8789a88f4cca05a21001bf6145aa6197cde3274d05e666ae0f6d5fc07a86237983d898aece22e593fced28777d8c10fd8b2bff1a21d4a800a626d622c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
3ff68e1d6db87872cb90d8eeabdde626

SHA1
520e54b6e74660f1ce065a94a54576aa27613da2

SHA256
e794831e6305b4e5d63af9af3af7318f70f2873d4a586df79824573b066ad709

SHA512
8bc1a8923c7cd72250003894a24b4bbfdabe0f0fc8bf98ce0a758c15cbb248a04947ffb5704671d387b7a0f02fd440622c6af7d9feb2f4d116f771451c9ca631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
41b2feee94e3ee5569da5f1a7f65f9cd

SHA1
27634e09230e412e04d7c3e1d6cab42cb58f0c5d

SHA256
b0e5983813387747117b6514f16a27d442f5c43433be889eb18c016bf7c383b8

SHA512
0464156ae2b51e52745c92fd000a8357525fda9f0cf5d923aaae0da747d898c0dc57ae9643227a8f2dc3f4b3f685648ebe31a7695a2547c38484bfca5b5d9ad6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
6adcd8f1d1fae00804883611dd068506

SHA1
4873783105399219099839ad65815fdcbc1c3b9c

SHA256
b06a3dbe5de4b659b2440df0bba6f4618715ab48b21ffd9ccb175ff616828dfd

SHA512
15a980cb1bf68413fe38a140c71279c662d295969692aaa0a521b3c0986f101baae7bfca18724fc62bcc17f26ac2164dc8493a2b55e01df88408918f37e4dad0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
730a0bc89b4b09b3a924178fc6f0232f

SHA1
93bbebe8d8474b5ee95721b36553294518a45dd6

SHA256
c7dbdb6314d3c9c9fef55bbbbbbd2e0446f6210ecfb6e1a489e562b65cd9c6e4

SHA512
b83d7ca86ff3b68df5786bc5f1173da1cc7e4e02a8954097cefe416f0307bc836c139d7699781dc4ec442829a24aa4b688c04dc4891d4c1a0136691781bec642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
c59be06623a8c10e118a656b0c352978

SHA1
217588efe793eb5ca2a81d2195cdbf31cfe7a9a6

SHA256
7e455722c74a0565705653f9db2c90bd9bcd02e6927d7c9363e705961df55ff1

SHA512
77a06bca06ab645eca8ea6678cabc9ebf3ec4afd7b0f3a23d404421a93c92aea88299b8c90b35fc01fc827d8f176ada8f4b734a9c5d986229f1aa5e1131625b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
5d0f76e4c146ac81a1509f3a66b29d7a

SHA1
73682c525d69be9c3cd48193fb63f25986b1af1c

SHA256
80a271c4b28abcf21245fbfb4a26d9dfdf3427207135021212e56a06f243cd2b

SHA512
ba00045e31a86189495aafe1b712d2a312ba90d5aeb01ba77e5bf829d321ed16dff245fb372a377a26e478e67ac12a3a549b5322d481ff0e6b2ae868e13bc546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
ae55a9bc86db6a912a39f62504b223b7

SHA1
ed32f3794e33f2a061ae39d8d66a82e1bf419317

SHA256
36d2e9a1174d4330af689e1d44af83b2876c6c974e0360ae39860d6ea0ac5579

SHA512
90d14967e9442e757c4c6b267e686f5bd1a28e62c9618dc29184a30d7fe7b98e1cb89b105b39db4fdf8d2bfb0d32d48955f5a1a71fbe02ba76b7492dfb5b691c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
6ed640767cdd98f8a1bb378d44b1cb7e

SHA1
39464833f119c3d86d0b9c9c13591d4ddff56ef1

SHA256
f222e3b3b7b9bb106b50747b8493719e7a49d9ed42a1ffeb0c0fce15fed2aa73

SHA512
d71db6c080114a5b66a1ceed8aa578d21398adcbc815832c0db9e1fb0b3135ca9b5714fe39fe4135970c59098bf11fb0628fdce79a3037628d67d148b2ad3904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
4f5d1146f4c35d01eeb279e7a7adeffc

SHA1
82d6af549b892bb6276ad0f3dc44993345ac8645

SHA256
0a795f90e5290c4601aff9325566f385875f2e78dd77c0e7d75730a6b87347ff

SHA512
bd9ad6bd0ec2a3e66500206f00b466d09fc4efff5667437cd011eadf265bab7ff11864a2f9522e565c4a9328450b72df0d9496252599e0cc93e14e228438e894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
95B

MD5
e747f00bc750c8b5438d17c626546063

SHA1
42fdc138eb2e3f5b19b21426a0cf9aa08fc2578b

SHA256
eb8ea32b91057259f2cb40d6f8fc63367a39685486fa045bd0d4cd57b4613b06

SHA512
40ac77e5937d6a79f104bd309e7e6e5593bf3c03f02efdbda375df04a7cd26afa3a7f677e7184919e25673a53663bcf36364b5e277d499d97046837fccbdf4a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
41e09c72ed14213fa5afa2e7a46c1d9f

SHA1
4df7143e44b48782b80ba3e0f0e7bacf07be8a09

SHA256
d59306dfcd675fcb5a72ed205b7cd598baf94c4df75323987d36cbad9194215b

SHA512
d8d447f60dfabb57782cc85654a1ee933d7542015d184d5106fbf379cf4e22f53dc54fc9c4b9626c50f5f4a49a60ea7d861060264583e695506334af978a6fa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e6fe64d9c9ace8d64e144623d92e37d7

SHA1
9700e6b4ea994548382f2709b918b59e5412fcd5

SHA256
607b6fa4012338e9932c26d89efcc9b3bbe96e35556bbe9087b393248929cf11

SHA512
b2784c0f7a6c0a0f2edad45fba61c48323d6523012085e9febd5ec072e79588eb4cf9cd81c160617cc7ca78280c240cf18d9ec8cc51f884df06654fdaaf1c155

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
860abda1cea9094bbf8f8dfc08f41595

SHA1
c96a9c76f7e45bd299ad9b85efed66b8f3a0f789

SHA256
88adea7912b1737a6d62f1a524feb973ab1207dd256bb01cde21f04fea290ebb

SHA512
3764b7710c4a932aafac10cd75128dd38052d5b7d8ec620339476bc68d78a3068506847249a10ef86be190da764e105c4f0e573d6796ded1e4e90750016cc2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
654f9c8fd8d82a5cef512342e76d5bf2

SHA1
6ac856ee85344934c0605ab445b0f1b8c2d33d3d

SHA256
ed8986f6bc76fa334e54ddabb9894a3a81a4fb432e6c6c38ad8d9b7783b9e256

SHA512
ccf160da0298b99d8269d5fad74d68b7001992708c00db917a906975ba112eaecbf66423cd01a5a9947881a8b6fd913a6c985219b5aba0345179bba26657883f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c6c088f840c2cfdb14ebfa392126e889

SHA1
b07153bb3635b5758ae4c2e8d4d35ee7e2d955ca

SHA256
9155078209033025fee2207dbee650debbef8493954a87b8f9c92990347e3d2f

SHA512
284380f6c20c5bf6e67c09d6945dac262493ec25d05acaab695e3e87683e36d5f97912565b29179a1538531230a5d0a1110cd92395494a01c8955d5263d975cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2048f2c5a1174e20503e8d84258772a1

SHA1
da58ac5e17d8b20c2ea8297e932ced7e606a82f1

SHA256
ad3701ae683e44fd384a9674ef65137e876a62255797f06725663e0fdc249947

SHA512
e85f1d47aa1d381bd012cc1bde78375f652c45126eb65e444b91b261fa94860ec8445cb9fe065ce6c0022b46c9fbe2b9bc1d9a310c29db67567e3980683afb35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
bb350dd1b3cadc740cff227b9e6764ec

SHA1
65c11231d20b5dfc7c007935c3fb980b3fe79856

SHA256
76275b3df7f29e682a8e5df7491e1bdbfc5f634dc4610ba85d45b10a2c26bddf

SHA512
8e0db142d8bf400084bd33d6c6176753feb8b448ddbfbdd959c179a4d21bc4306c8dd6180da90b5742c2045af7619f0591d15596dae51b4a50098f1fe837fc66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bd06afea114042575eabd28d01763826

SHA1
54dddc44df238180b3c7fe4fcc07ef7aef4d2e41

SHA256
9856944e339be0b2eca1ba2ba25a85078ae80d6444d5714aa6dcd588d8eb7b8a

SHA512
16d00d1dc179cb68f6019f13bad22e633268ea44b10041b231a2f1b95936f6f55091a768d330a76216a80bea50b6029c397c070b5f496f2765430a55168af068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d80fc69358c6cd95aec01ca1ee485784

SHA1
a10f7c58adc559f9bf08f0754753607ce78ebfc3

SHA256
b2a77aed7cbcc71fcc8f6df3da483e6c19d474b877c5424818de5bab7a2c214b

SHA512
08e19fc6862d66686185e64477844c1969f4bd84b47ef5e1d55e410b55195ad84a3cbf84199a6b7888431e3bba07a9c5b95b1b775d7db7ebd988375a4b365d3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9221340476f8afb5bfbd93881ac3f6c2

SHA1
5ec99e03e033a1657aedf3fcb590df2e98406f55

SHA256
3b0b9f20ac33090b579041b12acaff2d247a35cdd1602e5fdf19f344c36593af

SHA512
ebfaaf4a74d4803c2553859cb69ab17597f26958ab761319221c8eb74a39a052b14fdb5a4a6e46adcc97ac068b06b5c2953c0b11844fa1fcb49582e56c9312cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4d78dcb86e9d0a79f67db8751118bcfa

SHA1
5555e63e47067080b730ccbfe808210c357d4907

SHA256
27efc63097a78e6c82cecc5529774e338bced341ee0849a854c9b1ee042656f5

SHA512
1432b91856f7d17a9518334fb39dfda12a81bf8b042be579c360ff888c04e9ca50a852d236cc18368043691f5ec1e5188e286ab0e0ed02a4d7a915c0f2450745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
21731588a68e3a1227953d806c068339

SHA1
f2b56658356699942704ffd19fa1963e13c05ac7

SHA256
4104a93715c5d9297aaf15db9bd487d66c73f9e73738169e314c61c587260db5

SHA512
eec9f500afdcd2791798877b37ecbe9ee0b1ac0a12a606ab5ca766e6bdf76ef8814b924554e8fc5ab1d7c0cd6903f04f5332adac114e884deec0c0c70b6cf8cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b04d3e1dfbd1d64693652db90766c48f

SHA1
253eb76af7b42e7d68ff918da3e7eae742170de8

SHA256
090ef44275920ad0203d6ce20f29b3da46cc37d3281b43331a018e3c297af0ec

SHA512
a1fbbf7df6a9185134a40a13a1e43f4dcb77f1764fd98ba3f960c261f8dec530c0257d981052aae1914f650630828af54c5f4be017ff4e55eceb5fd42ad27d19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
19c20058e34196fa4a31704bdc3a1def

SHA1
ee6290a1ce3d2d3b40548673d96c6e905847e6e4

SHA256
256f271eebce951aca745ea75510ad7f2546687a07783f5f6637cb39ad7b8c96

SHA512
85becf2fe0a5c56c54de1705e5a6206948ef0f3cd9085443bdf9d1aff15d8cd2adf34b20dab97e437d2a8d5c7cabb3e439672c4bea536b4b474db887abb56883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
61a0472fa707e90e6ad8773eeb331c73

SHA1
0f0892022eff4618981ed58cde16669b201d5889

SHA256
43efa4d0a70a0a3d2d302767b59352d16fada7dda2af0c3d0073219bb4190686

SHA512
ca72712d023758e419ec083e97ef024e04f47999a8b8548b5c17105390f3c4d33c68fa16ba31adcf0b509c54335d52d108a1e5fc7467dad3a4d0df654aa316f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
83d57053177a25f4cf2cc212a599ca31

SHA1
2ba4c3145ce5eeda49687a5b6adfc3376a6b192e

SHA256
9f7a3cbb8b920aeca9c19cae6c975642e348500460e9547eab48e97379114974

SHA512
8f84bfbaac5aae616cf4d85ff8d93d3e6510b3b6efa5a4dd1e1c6aafe5ad4068bd3e3d8d517761e248e2ceadd93d76247804f98d547842bdefd17d06c682769a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f8b9f3368f735a994071e741d78ac7d3

SHA1
5803e1ce0dcc290ad95bf1b1e55303a5ccd1984e

SHA256
45985299f8ade6997b4ad591fec344728d8da014b91b910c4b7a36e36d0327bc

SHA512
a0fec868d8cae59d35de21539b3370dcb4b16c60169cf49d293dad6f2281c181121defaa62dad87a1b1112090310652a2a796df5b010834d9075f3aad51c037d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a98cb8f42c4c455d7053bfb114b0937f

SHA1
a95d1325f801ce860340e2cb872b1f161c50a978

SHA256
7a6c342c14bdc37ee710f85ee6ca2228607962f4999ba65ed6482ef068e02ad1

SHA512
39dcd84206874d3005b93c35f996facdcce071e6e0d372857acdde8b9e67391980352f2b290c35dfcce412159140d1d6b2881b09fc763e73b20b9698a9c9fa96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fd832e4ba541fae04956c4a417f9a31f

SHA1
945b727d63c7ad374254db56b2592e5844770605

SHA256
9c82853035f019a8eb2365ce5858e82ffb34077dfaebe1e5935be773f26a8ef7

SHA512
8fabd6e2a88cd5195e74a7c3e5471c3388d245b35d9278fb8b74bb37a2a35d38e39ef2f1f1973f2dc993e90f6cbabbf0993a48b604fca9c2fe1f539b2547968f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
af6027a12c47eb8d944db959eb144296

SHA1
3b6c94ff4917f72a2996bac58da899728a6d331d

SHA256
87b8a8a2fe044a3c65d29ac1f403740d841af3ed79fbb7ed3de734c2d4fed1cd

SHA512
4866ad0b708dfc9d5db1ebdbdb852ea0b73ddf7cca052fb885796450791c0d9aaceb8c91304cad2cf4f9c377f477ef7c4b819ee589272e37a6e6037e57524751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5e4c49.TMP

Filesize
48B

MD5
4ad570e91fdddcf7582c66ef19ee8e24

SHA1
4567a46ec340cc793dd67b6eff27ce9a1ed767ef

SHA256
8ed51ebb800890865d2191790c9f195d6bc546f18f24d8bfd88b226bf5f1ada7

SHA512
bb1ea0144936d80c735ef737d0b4cdaf537ef86b6ffddc88b5320d039ad522a1fcc0f57b2e935bd50c6bf033b33a076a61317f419a61338a08d9e2ffcfabe1de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
411B

MD5
b3d0945ffa8845033cb3ee2c1f1d2943

SHA1
a8fb21b0b5d7e8b1df0607d6aca15f61276b5f8d

SHA256
22a9bed5d4e77094670d982175a9d1eff60208284c370f0541a7bdc17ade769e

SHA512
31fa3945a721d0e621c242cc3c3f090ac8c1f4da3ef6d82ca4694fa0908685561abfa55f98f1252bf4ed91f1a4cd11e057bd507054fe57eb432a9a52c141ade8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
b850d9aa6dec4d3be03417c4ed1b58f5

SHA1
8a6e881aee25102b0f45efff9307a8d516e94d21

SHA256
5386a8df6f9748a1f41596cb92e5f02130fe40b23b0c450da6e7ef32b73e69f8

SHA512
d1e5d4475c6e1a5e516d7ec94bd057a90ce50a9835c35a8f8297fb91e7b6e55b19749d474c658ef14fa787b04e66d4fd6d91fab4e0a434bfe96b66624eadd778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13375925735152235

Filesize
15KB

MD5
2d7ef66f1eb32ef9f8a05190c49df123

SHA1
77f117121284e74ea8f39be0ac1308593649281b

SHA256
cc8d5a39f553d2c7bef370bb528adf265354896ab5fcbfe94fe38bd4cc96985b

SHA512
3265a2ce50602494a5112d696780d93d9ff1d6fe1270e6457ecc0dba05e0a16fa92179f69eb4f7febd50d955cced029dad5087a4ccdf42c0a5dbea20bbd3641e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13375925735432235

Filesize
5KB

MD5
ec0ca977d89aef602540be141ddccf8c

SHA1
227becf293641a29f2c015423d763e228d7ea6f7

SHA256
f9ec9254a92559ab7ff3483b582cd9c04da5d83be3f63da411e6cd84069fcc7b

SHA512
d086f0d210c1d9154ee3c6959532a5ba555de23a993ff4197fa37d4a30d28ff4ca4f44af7f6686612108826b40a288882262c67f4019df5dca0453ba6c057074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
9b909becf289eb152b8e320d882b6b64

SHA1
300d1c147a23c03db5281f99186d8d841fcd1837

SHA256
036ae68aa848570948682f5d4aa9ee06da39696b039120ddc3ac8cc2aab87745

SHA512
3ce9856fff5fbd11f026b86440f6a2a1a9540b94cab0a206410eea9b3d083ca6f8e562ba3bbfd39f75d90e43fe6e5c1b72ce4a391444ac9846310e4615711a34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
344B

MD5
0dc2423e47ac2e59a6349c75ca9b18d6

SHA1
eebcc93e68cd3c8dd74c3e744706d37cc61cc88f

SHA256
c5aacb1631a8c497664b6c72719f5b793c5936cc61cc8b8268a95a8fe1998ad3

SHA512
b84d7975bd7450128261fbd92874cbc1306a5c95384655f3f678241320ff4c4b37c11af589e60f518f8beb5b8368c3057953b4e6859f43df7eef193d7acc1b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
f30eb6c748514e77380a45ffbd6a2792

SHA1
008663765935b3c606a47e7448800c625449f1d0

SHA256
7fecc9dd21cb87d861ce5778db4637d401243ae78d9ae5d1a29b1369590051f3

SHA512
605ef729e07eacd2526014f83822057ebeb0d34aba9628ce722b4eb09e83e98ac403663e4755dc213db24327d9fa4991aa5f4a0fc0a661564572924e0073f253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
33b65e8c680f2216a95ffa55015b1c07

SHA1
4783242f5744c81c653d5c0673242a7300c97e4c

SHA256
3895c29af04f57d7e5326154357964baec97401c219099ddd55050a858e39d0f

SHA512
d7bcdf0b017b4afbf6342163800bfd6a651def60577d373b7c2a481d1a5c308808aa09fbc9bd2472f1c852dfb303c2a03855ddefd4ca6b54cefb4243f116c7db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
e88f5e69d6f6ffaf0eba4f5e281861f3

SHA1
8133e7c9329e76b9cdaf41deb9ec020edc561880

SHA256
35f17b7d58b7c1857cc10d44124a6a6e46e002163e67159bd9070f0a2ff769c9

SHA512
e9f3931bb9fcb012c430f6b4cc67dd396c8e41ca70667e4c6c5499e97e4fb855bf9a802403e048fe0e341b9f6b29962f9f4435f07128a734b344f9cac56f0db6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
00391dd61edd8c5c9ee43b2af9265a5f

SHA1
0bec7127d93c29b7a3d5df16cd987bf3e1da2be0

SHA256
c317c008801dbfe474414acebf4ba3c27ad8f1c9b2474f912de33a030eb91d29

SHA512
2e794497e0c28d8b0f334c9d16a825783c184fda602d8c00c2832ada514d619678f8d604d11ac524f2439c3602b94efb7c7c24f23daa80f642c1e189b515c0c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
9eef001df15d024a49e8126f78878a3e

SHA1
1b07055ab038dc15a07ca1cd7bf329f9c678d263

SHA256
29ecb70973d137416114917daccca0a3fac74e51217df2f1a569302640cd3e64

SHA512
f23def05949564b432bf5b5b4f43c79bc681743f0ae955567b9842abb0e5258221cc47c7c5795a8f4a99245ff233d0912da6bb09d52cc9542d9d17726d730cb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
0c300d1f69c3df72e19e5fdfb426b744

SHA1
576724679d85f5c929412e6a0870a648fd497a01

SHA256
522c9b45f0caa8aa69f90d1eff2ea01ae6452097a5e1b64a20c02fef4d18f999

SHA512
93039a360b725e9b0d0bdaf4ab26248af5b8fd8f71fa04b614cbd8648a1ecf9b37344c53e7de9477eba44bf78f00effcc702e566aade011a488f933b204a4489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
51KB

MD5
286ef4d1eb30b32b9331ecd892bf2c3d

SHA1
21b31f1502ca393039b66e49724ac8bb19940f7c

SHA256
daa0aa26bd74c1fe3b00e670a02e0f8e8def38b2de97addb6e9088f10469e671

SHA512
3248d4b0062aa959cf143a723335cefac9bf4f5248478243a3168e11535d48a8443b8f84d4d0874954ae39d60c49a4ebf14bdedf78220be3bb04752795e71dc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
f77ae4c01b34bb4c29f38d58a970b602

SHA1
34f27d37e1072f9380a1d04d5ee7ff1047e96061

SHA256
bb4572b621df578cb4fd54fa96845f8a1160800f8303ec474c8efc5c060ddac8

SHA512
ae240ace8b58b416fa2f170451b35834abf672dc8b5bed80999435a64faa776518d21a71e3c9291ad99df80aea50085715dbf2cfda391940e81a635a7b889701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
057e1a78e9dd249ab0d3be84883bd0b6

SHA1
5d7294a53d43edc07fe2507029f47dfd0be70efa

SHA256
cfb984cc7a31422165fd191cf9873fe6c89cf329bfd5bd806a828fd22e75f368

SHA512
b34d1125bedb3dbee9ad0dac9de4341ec9c360d5881849197fa79181dc7f80eb7bd18cec85c30c816ffec5264f70aaaf02889e325856056330ee8f8386d18192

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
ec802f7f2c69a0bc9c329a5c5fb1c17d

SHA1
a5aecf0b024f4930d71c609f971214650272d147

SHA256
839861b6f7578fcf96792b1842817372644d522f907817186d7ae44277cf716f

SHA512
faa62fc1f4391f4d821780d34f8b98679f550ad183cbba8746e75a70d031be7cd5a33555e4ad5dd6473070dab5d86c852135a29683cc26f006dab7e9d781af98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
4baf58d9c46a8ef4585e906dae8c587a

SHA1
bd3feee65e65233bca35ce0867941f79ad4fdada

SHA256
d6f633b0d3c0015c4c409e8913a48c15a50ad791e680f455763bc7b4b838ed71

SHA512
14e4ad8ae0c34a7e0a99bbdae888fadb9ac14194bc2d25aa5545f0babf4386d6e3274c18e048764a9cc4bbca94ff77d38b04459379d7da7c2c4ec8ac54666deb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
116c4a4e47549856d8c7d77ea1784a68

SHA1
269597ce48aef3b5d7161922e2c923f6e7dfe22a

SHA256
2bbd992876e5011f04038e4277f258870585c517d8afeb340c97c7b2da59af2e

SHA512
e02983fd22eacd786cbecb9f18e0b5d7488cb69092fd67a75d1e4d0ba8ad594e46ef0f6be4f00d785fff743634a6a50ac300da9d87cf2d6fa7070e29c39caae1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
6000bdd87c36b16ca5728b326c0ebd71

SHA1
36c211a1bcdc7351e8196bc6ec9e21c2d03c2fb0

SHA256
7726f4dc5f323022caa9793904bb320e9565723aab0f6236a3bf6947491e5bcd

SHA512
4cb163b293df0c8d901ecd447a057b596ac797d4f8cc403f86bd6e49a3df8f0cb5222379e7288ebeb8c55523a11549fb75d0d5af3eec6e381f46d00816dd9bd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
20KB

MD5
7e86d5c1bf2ff36b15bfbd8fcf748b16

SHA1
59a1515ddff8caec85c4f27ffb17b69a42ec6226

SHA256
82f03e141e82546b261c1a24cd9ae3cfd4b19a7b4f343a296428deeda88cf856

SHA512
943fdf966d2ca4bfb35e01431e7bae1611e86d4bbf9c27524ba4502a9a93b8c0bb39e7760a8ee76993c4099da1ff49febe0b48468f134d4121f22a0ffb41bf2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
20KB

MD5
2a029687e73114ebcb4fad10c0114e8a

SHA1
f09cbbed46b9f8c731568bdcee13024e89bda397

SHA256
fe6e92a5b020858bbdd8089533c6f22703bc5927e22f689c384164096705b11b

SHA512
211dc45e2bb5739bcf863c44ca8132f92e895b3c95d074929aa4338698d53c6ccb3a8e2f23180260d9226073f4f5cd21a200010a7a224de7c8ac2e1cc853730d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
17KB

MD5
ca765b8e7dba1f1d87e3759809ba37d2

SHA1
9b72c329e11bbbe5d3b32ce94fde87e94ff0bcd1

SHA256
aa9be59895aa68a436dcbf217cb626eddf9b2d0fb11e31c7943f846bc1df6c76

SHA512
c14ce917fd59a600e57454b61c419dddfe3d0b7adb43cb07f9cb7b1c2b5f59a0cd1596006874b9bb53c2f092cbcf332e3ef0bda9b6c2616c9bfac80b8f0c7a32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
17KB

MD5
01c531b6bbd06a2f0b438670f84804de

SHA1
a5095fbdd8112d83cff24536d6c769ba85300587

SHA256
28c2640e996c514e89ed0638447c3f58bd7a829290bf16d27d7960d2c1121efd

SHA512
61656b632ab006e389d8493ac008d3c670fb2f3a21cea44975c12a62f265f1c0de2ab4f516b302e298bba13dc9c5fc9841adb66f154c335416ce9b0cef89e118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005

Filesize
20KB

MD5
ef9588ca82f853399e5968af99985e74

SHA1
80d9df4f75c3e789ddf10584d9ff9de2b6154cb0

SHA256
9d550015f47a4d5d502f8a2f5b33bd9cbd136f4fea7c64754c8cc5a9651f7fe5

SHA512
a77b6b0bcea459ab4fc1e5d0983e85b86a6b0835849345f6afbfb27a5e84d8d1a38ff16e21ecf862e95d0a74e3fe97fda28bea66752b8bd64fd44c8ba680a5c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ebec100ec5b1542010d79f6f6ff6db11

SHA1
af482116f38470532a085fbd73ba4de6cd61a2f8

SHA256
7e2c19750314938d7d18918b245c6c05801b5478b66988e7fc9cfb4b294ab78f

SHA512
fb63b806df97ab65ebda29d4f42efba50a07e0f0fbd38732e7f41bbb07d600c6a85d7afc7f02b1a82456ab75014f9a5ad77d5506ed41e4a32a61a241a9b2f4c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
02d65cbb55e5e7771423091599c85660

SHA1
ca1066d2c6cc66f93219d1eca6e9f12b7dec5c6d

SHA256
05d517954ace9f22e657ce033df2d6bdaef35d5d3422acfd74d308c950cc4c1f

SHA512
22850a39467c440c6c2b88380c628b09fc2cdfbdaaf929d373c8ad86eefb4d0cccee6e333dcbc47ca3adff364a61040726e403fabc1c037f8009404894c766a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2d6d728766a49d49e2af52638fd3fb8f

SHA1
6dc7f6a663809940e9db1bf5ce03cd23763e75a3

SHA256
f2226a667bb189aecfc7ce0ad3385b68a697400bfec628383017430f543a2ef1

SHA512
bec0b4a08c7a6f77918348d017e3f9d180c88abe9bbf40ddbfbfae5f5cf249fbb656b4a4514af1ac6858572be5827d121c93c051d05c0b004997b11119340fb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c1995e9c594e4ad23242c62bf98ab7be

SHA1
4156158e026a0c529d53fa77154673204b4d6858

SHA256
e01acf15fe26502488b7325ae6557fe952e2c1fca670af01db868a5a52bf8b9d

SHA512
a24eba8cdbdecd80bd8fc8d877d343991b35033a9aa011ab1a67188f7e3539a35e15e8a53672f7eea39d62245d121978d48192314cc93a33ae1f2e719e788a18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
774ad25bd42e7f746f74ab78e4464e1a

SHA1
2aa8b7fa950e0acf664ea7914bc92297ef3ce7a0

SHA256
5d367735b1738be6db924cc2b52152bafe3e74805c2014342a4452028efe02fc

SHA512
42e8d1d642445a30d2960aa85ee0b9bf7146493bd273a552325dc84b16cc6d62d471081a711b1ded0fad92b82ed3f650ad248c7d65ea95f18fe72d42d9a0b3fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a67bf9d50a1ce104bfe6945603343412

SHA1
facf3fcf3bc7221b72ab8e5270f238b4ed7e6c8b

SHA256
e127a617d15dce33d4aa8c6e0c61c37dba50c9620ed09cc156ab17339d29b3e7

SHA512
c8abf1fd7873a86c259c4fc41230529f980b16ef375b9de739e3dca34ca82299d77de1a8a003b8dda40cab144ea0f21f0c031384be8fb68f8ad7af4b3ca6862d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
115d32641f825f5297945a43e2ffcfd1

SHA1
c1f7a8397194d1166ff86649f0feec1f628507e5

SHA256
eb143913da601b72fdd097b2c4e96abaa604737bee277dd62e9a8a02bdf3c886

SHA512
99ed619ef3296562df8f8e1362ddac84c55752fc062572a11b88b3ccb98aea93c9b7e7c84496a6496105d582a78698e7f98ef4b0b3b255be5d9ad1b8abf54f2f

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
77a8b2c86dd26c214bc11c989789b62d

SHA1
8b0f2d9d0ded2d7f9bff8aed6aefd6b3fdd1a499

SHA256
e288c02cbba393c9703519e660bf8709331f11978c6d994ea2a1346eef462cb8

SHA512
c287e3ae580343c43a5354347ca5444f54840fba127a2b1edc897b1dfea286fa37b5808f6e89f535c4022db8b3f29448aa4cc2f41ab0f308eec525a99fac4e5e

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
b66799d715b113faf28da5aaba5528ef

SHA1
1b20576808d17c24f7abf2c49a7facfbc1480da4

SHA256
bb7ed85e7a1833e5a31d62882937ee6b094f2421b9d1c8d9b6e64b9845b29868

SHA512
93d4708a2f4bb3ca7b5bcb0f3dc13eb5e93bfa5e485845822d67770e4c0217797f330ab9395598b1d7452cc8191e4d3848a1b268a6cd1b7a5001266ce53794d6

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 658815.crdownload

Filesize
10KB

MD5
fe5d3671fc4ed10fff46f47a3da1e198

SHA1
6877e2170f5cdacf3b434684414cf3b0ac41bbee

SHA256
a73ba0b6c663f471fef984cefa6874bee73f5a976f438a99fddc77b3d0543697

SHA512
125c3b02f9cd1365ab6ff5dccfdc072172240c74bc1a61ac8fcdecc40de4ba23d2c51643cc25cc7f0e042585a0d6dbae7a4d2d06590a94b2675e85f4041b4e25

Download Submit