hxxps://drive[.]google[.]com/file/d/1EM1KrpgdrY2QVy_-4_KQevW_nI8QT0ji/view?usp=sharing

Analysis

max time kernel
376s
max time network
377s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
04-01-2025 01:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1EM1KrpgdrY2QVy_-4_KQevW_nI8QT0ji/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
8	drive.google.com
10	drive.google.com
164	pastebin.com
165	pastebin.com
169	pastebin.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\cfc9ba79-5624-44fd-a369-0abcba105c97.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250104014341.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4084745894-3294430273-2212167662-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
3632	msedge.exe
3632	msedge.exe
4460	identity_helper.exe
4460	identity_helper.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4704	msedge.exe
4704	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4192	Argon.exe
Token: SeDebugPrivilege	2492	Argon.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
4192	Argon.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe
3632	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3632 wrote to memory of 1680	3632	msedge.exe	81
PID 3632 wrote to memory of 1680	3632	msedge.exe	81
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3040	3632	msedge.exe	82
PID 3632 wrote to memory of 3620	3632	msedge.exe	83
PID 3632 wrote to memory of 3620	3632	msedge.exe	83
PID 3632 wrote to memory of 664	3632	msedge.exe	84
PID 3632 wrote to memory of 664	3632	msedge.exe	84
PID 3632 wrote to memory of 664	3632	msedge.exe	84
PID 3632 wrote to memory of 664	3632	msedge.exe	84
PID 3632 wrote to memory of 664	3632	msedge.exe	84
PID 3632 wrote to memory of 664	3632	msedge.exe	84
PID 3632 wrote to memory of 664	3632	msedge.exe	84
PID 3632 wrote to memory of 664	3632	msedge.exe	84
PID 3632 wrote to memory of 664	3632	msedge.exe	84
PID 3632 wrote to memory of 664	3632	msedge.exe	84
PID 3632 wrote to memory of 664	3632	msedge.exe	84
PID 3632 wrote to memory of 664	3632	msedge.exe	84
PID 3632 wrote to memory of 664	3632	msedge.exe	84
PID 3632 wrote to memory of 664	3632	msedge.exe	84
PID 3632 wrote to memory of 664	3632	msedge.exe	84
PID 3632 wrote to memory of 664	3632	msedge.exe	84
PID 3632 wrote to memory of 664	3632	msedge.exe	84
PID 3632 wrote to memory of 664	3632	msedge.exe	84
PID 3632 wrote to memory of 664	3632	msedge.exe	84
PID 3632 wrote to memory of 664	3632	msedge.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1EM1KrpgdrY2QVy_-4_KQevW_nI8QT0ji/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffd609646f8,0x7ffd60964708,0x7ffd60964718
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,5803623872650039075,15974002661490269320,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,5803623872650039075,15974002661490269320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,5803623872650039075,15974002661490269320,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5803623872650039075,15974002661490269320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5803623872650039075,15974002661490269320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,5803623872650039075,15974002661490269320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:2580
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff7dc1d5460,0x7ff7dc1d5470,0x7ff7dc1d5480
    3⤵
    PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,5803623872650039075,15974002661490269320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5803623872650039075,15974002661490269320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5803623872650039075,15974002661490269320,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5803623872650039075,15974002661490269320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5803623872650039075,15974002661490269320,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5803623872650039075,15974002661490269320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,5803623872650039075,15974002661490269320,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4908 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5803623872650039075,15974002661490269320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,5803623872650039075,15974002661490269320,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1140 /prefetch:8
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5803623872650039075,15974002661490269320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,5803623872650039075,15974002661490269320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3568 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5803623872650039075,15974002661490269320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5803623872650039075,15974002661490269320,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5803623872650039075,15974002661490269320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:1676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2580

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:224

C:\Users\Admin\Downloads\Argon-2.0.7f-main\Argon-2.0.7f-main\Argon-2.0.7f\Argon-2.0.7f\Argon.exe
"C:\Users\Admin\Downloads\Argon-2.0.7f-main\Argon-2.0.7f-main\Argon-2.0.7f\Argon-2.0.7f\Argon.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4192

C:\Users\Admin\Downloads\Argon-2.0.7f-main\Argon-2.0.7f-main\Argon-2.0.7f\Argon-2.0.7f\Argon.exe
"C:\Users\Admin\Downloads\Argon-2.0.7f-main\Argon-2.0.7f-main\Argon-2.0.7f\Argon-2.0.7f\Argon.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aee441ff140ecb5de1df316f0a7338cd

SHA1
82f998907a111d858c67644e9f61d3b32b4cd009

SHA256
5944b21c8bdfb7c6cb0da452f8904a164cc951c6a4bb3a306eaebcad2d611d67

SHA512
54a2c1d4c8791ebc6324c1be052b7b73cbd74057d0ea46400cfd8e60f9a884ade60d838777eba7001cf44c924f63cba1a9708a6c71bf966f63f988c49ca70d31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
821b1728a915eae981ab4a4a3e4ce0d1

SHA1
8ba13520c913e33462c653614aece1b6e3c660a2

SHA256
36c38bde1e74c5ee75878f275a411e528c00eaa3091e7c4adfa65b8b7d28fb3b

SHA512
b8fd54808711878ed567f474f174db662e2457b6c246f625e148944532c70d94d87e96ef6febfb657895dd0eadc25906c9106fa75c6b2d3bd37ca6786f03a8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\73c694ec-4ae4-4bae-a3ac-519b1a6f6348.tmp

Filesize
5KB

MD5
99ca23070eb0fbdfb1fd089e502b4b3c

SHA1
43c593c76fd1ed13baf686dfe81272491ef806b9

SHA256
13867580add458c324f8ba94f4ab437a7302a0e604dd3a9e4a6ec8df9345ee1c

SHA512
daa99e7ed92fab9129599239eada980be6dc2767e52dbec4f6c9e40600468a52fa8875f0c862ec347588bf6fcba8e22fb0e6829f2e2aa3a25f71bfed886b9096

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
51KB

MD5
f61f0d4d0f968d5bba39a84c76277e1a

SHA1
aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

SHA256
57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

SHA512
6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
38KB

MD5
6f9bcbd9790889389f52578f0c27177e

SHA1
941fcd07ce8c21efda837ce99c2c0c532a153115

SHA256
f83e87421cda34647dbbbd00cd215a7f86445af8b2e550fc88413a757b89caa6

SHA512
8e20dee4c862b915790779e05fbb8bcb61d686c6f11f9bf74f459ebb97979e590c5fa4aec6bd83d9eaa68b2cfd6629144b4123c2a9c6757f777593dad313a0bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
721d3a13b17bbfe0f11e566e7507d905

SHA1
1d63c81f5b0cc12f1b101239ddfdb4862db43740

SHA256
a8f4aae345284ced0ecd5c5565ec7ef8366fa956ea0da1d922422895d0d5d11c

SHA512
8c1a5ae56e61c6d3811e614e2302b18c7fde921857865b2e811c541742ddaf19bc477bd401bfa17146565862a2b0a34b4a669443ebeaa667dd1ae4d303b0495b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
70b42dfed2ddb03a3b947366857d117b

SHA1
bdf3c579887889e6832d85a24353aba99a001d78

SHA256
7a3f8db240b67204c628201c88933533afbcafe113204c18783e8e23f5ef317a

SHA512
8b540c1ba5223effc1e811f9011c8faccacdd2496cb7d994c739476961c6ce6b839929af3abc54c114e97ba14bae99629297a255cc6be3893489f632a7322516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cbc69b41a5f1d7a16e24061b7362f16a

SHA1
39c03faabcc4c3f3c117ccddb212e89e724a21d5

SHA256
55fdaacf965201497f5a0d196d140aa4052ae8b25fa0f6d98486f67c296d3ff9

SHA512
0a5da5d974a82a871139e710f17daeaa8fdf7f86f06644fa43e9350e8441bae918e0a4f1ff2a67861fbe7c20cb1d2e6fd139bca0caae5073105e9229a00fc43d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
b6b9801f6cf7a9ff5f7a65776ae97baa

SHA1
466c3ec3df5760bf205e41a758f5f0a81233f2a8

SHA256
2b6a368f3b08dccbb5f6d3161d7ed51fdba5e7c937400f35004d987c96740b8c

SHA512
1db07b2cbd22f410a5b490ee97f9eb84db88fb245c0309acf659ae3c24b70c0a88688f2e7dbef04c26581e87cc25a7aea3eb91376a28de9bf8110fd0ffeda0fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
1ca162457c868ce28a6e0c7cc2ad425e

SHA1
1d540fca84cc1ed63bac80a89b5d200465537e4d

SHA256
a2c1649f9d006c5d3f741d91f559afacb82ab37a59fdb15e080b0f242f62a63e

SHA512
36373e4a8166ab5f346d0a05907c7dc68fe5b7c3c60423ff4421b44c65118c5f6757173a34ea2bbeaa9d074a0493cb9b11c7a3f6b6ef6f7a5888a3157f99a063

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
459a5e3b67d0506dc7e84a4c5cee3ae1

SHA1
25ee42e4d8c08946f7df7b44b41fe6287b8b9f1c

SHA256
8d1454f10c58fa64af6f39eaca6dea3c6b4266d2dda2488e6dc1596476ad2261

SHA512
4fbf612e92c3efb96e619d155f4e36a81969cc9dccb80d8c8ae7ab031851ea8b3f8e1ba09ce9b83c7d6cd124fa0ce149d107b780d56794d64bf8d11f4f540ae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
113c87b846ad546dc838ae834c3a3a34

SHA1
49d1f74979952d5a9176461763ce35886ec5125b

SHA256
583987cb1770e591cb9681cef903b40b17bf6742edc597fbabc23fd449607c87

SHA512
de1fbb298e1d98d9214d4411d8624d5ab7d22b2066af7b789ce968c5798ba0ee47a3e275a13567585580709aa10338973dee8d52a1121307947ec5f81ae87283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
9180da52ef3e37b0c9c1001963ad814e

SHA1
56fc87cb1d97ba6aae02da8c6e01b5e56d2eb5c2

SHA256
05fbbff24bff41aa5f5572e1e3c252907d1915ed2ef0a92c886589e6ad04f601

SHA512
69618c9bfd157857775459bdcc49cc382d0df9eacf939a356a846739e908fe6605a30c895818ef6953fb5f1ae8f836e033d2a56fb43c63f35498aca2f94bc8ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5088dd4906eed49bfaa682c9344c937a

SHA1
fece270ce9d95fb4fa4939cec7d7ef29d56d4871

SHA256
705fa646c0806b2eb773bcafad2bb1acbf2edb41bf9346901fe8c6d8f6021a3b

SHA512
43cc4a81fe849c863c712a66af667bfea670b7d2b73528a75187d94993bbe1bb7806233e4a2e770350242836d5f16c5c1055bc9811526b7cd87d3939530bba2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58970b.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f15c82b5396348eb9959976b0601116

SHA1
9643f013dcfb9ac323d12bf662aadd3c5e37f990

SHA256
276ec38116233cde6652f35be9c35c1921e2344812257de64a11af0c0d010f68

SHA512
7dfd71ef0d38838b9cb449c048292e3bce3507a0d81c68b22810ac3cf9fb62fc144bffaeadeb95bcda206a5d327ca5eecd99f24f6138c20583208ad0135539f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a34ce2f7d8ea7145d2d32b43264e123f

SHA1
c7b8d83e5b3dd14b74f4da05f793ff63cf52fc35

SHA256
e0dd1d559a8bc3cfa0a965979c45a17fc3fbe4110d9939ae0cf1ad0f6b5103c2

SHA512
b8c50f2c66dfb097ffc217c3214ce8bbc3549e9fe43b441d5e7175c676b4331f44bdf044d7caebc7a8330350fdc1ad54d61f07416761a0b837becb9fb115b93c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
534b6795a9817dca86a8a9bce9cd3b4f

SHA1
eb93dc075c4875ed642484a579928fa55cc75842

SHA256
51ebf4df3a2be4ade6dc27d562f9b6c8ade6da8d3588da5a385f6379434218d2

SHA512
41ce6dff53ac315fd6b3614a90df92dcf09bf29adbea50d468740d70f98d75a77474a800b28e07d9191c55d23fa96bf213ba62a1737384b217e8553c57eec689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
09c4bfff947acdd8334c572cc85f630e

SHA1
b4e3a267e4bdf4146c5ac2c8802abf6341f68497

SHA256
554d7dad2c219db162cf8344518d13405e6773fb51b51c59c7de20078c86649c

SHA512
b41a5f4bcd52d13ebb365810108ff65fcdc45212d4d093d7e04928612ab7a113fdc50b4b1efda05a1fb1201d0c798f0690be00dbc51be27e582079fc4ac8e9fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dab882634cc9e23065343d4caaaba16f

SHA1
09a27e1f4915eadb6ae7ba5534f149dc8c7e1ae2

SHA256
225be5ed820602775472856622164ad13d1a04bbc215183f8d08137e716eda99

SHA512
df2fabc026a5f468bf390552ffeae316d6e83726c618495f145f0584765c03f9ce94fb9863595c3ec30f976a077d22c5e9446b9cb09c09b780e6943b0c1b9f22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4603178709610e7ac18c3d7d55962cc3

SHA1
e70f369837dd45f3ea029c4ebfc66884caeee981

SHA256
8d3b29ce4cb33d9ea2eceb8f039fa9100fce8f75fab2888859bc0231431d12a6

SHA512
96e34bdf70df0bd1fa111a60dbe7d6651a672cf7273f2910b45b3a282f4b9588912da9e3145b60c63b5628507b335f0fdf2ba3573469e062e53c6061ea50e78e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ac58bd8c9bf1fb1e4a87d4e93a362504

SHA1
c1ef803e364f85d58f83086b51dddac524fdf4a8

SHA256
75148b603db4bf9bd3dae1d756f410d7f79139c9fc0eb092c443ac4d72e0da52

SHA512
55ce0cd94ea30ceba68f58783bdd76ea252b6f2f97ba24e962b1e5d095a811f01b5fb31dfd68cef8c4af696b6b2ef9b986a48c9162e36c03a45050b2bc615102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
40054cb73dd68fcf513186a36e7b28b1

SHA1
782f64c46affe72bd6b334c69aae88aa32216b2d

SHA256
136f61f0d620207ec049ca6889378a9e89d998a6ef15fbd2a8095482d8d88118

SHA512
8689097b5b94b64af0be6b51f176041b25f5464bae229b7344df07a29893d5f13498c3f88f6448b956baa7accb460e31f5ffec6eda35f31b0587b5b0a1e63c76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
729df10a7e0b722edf6673d36f2040a3

SHA1
d082d92cb6eb8c0d79c9ea7e67e8b4828c5ea02b

SHA256
e2c498352af617d6d1106ea4d53c59fadc993a1f432068307250cdd0be68f7c0

SHA512
1619048945ed9b48ab2568dc546adf5173f2c60d03ee74f4616c3ffafe7182052b760feea19ce288799448c0f613b5e5592e5c547417fd7705997663439e3270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
3bdabb5e7784bb60e33cd3986f012dee

SHA1
bf35a2f32a17089dbe0575ca2d3c99a65bbeed91

SHA256
553bcd0b98764ef31044fc1ada5e22717a0ded9a9f5b2a3fcefeb715c6ccda2e

SHA512
a4d2201fcc6a35108f688647f9d9de11b7eb0e01074d1e8a41adbd825b64f80d86e3af3c60b9b66b2a068225ef91deb0463fe31cc117f645af445d9cd79b1672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
0e9cdc975f344bf8acf4ed153c48f70b

SHA1
0e7bf4c6591729b4ec82a71e2623bc0926916ce3

SHA256
c9587721c7dc4b0492899f2f6bf45c45865aba32dd54a56c5a972829031fc4ed

SHA512
001cd083e3b11094ae62549e37fd1129396845ee8f14ac35a07478a0a6c496094c05bb90a4693062b4a8fc73100310af4609960ca67feb2e1f635bc4e7d17c24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
75b636dcfad8ac2bdf881933f1691826

SHA1
1bf761d927d66251978da885916935a2d00f0fbc

SHA256
557bb893adff480e5835defe7aa7678d4899a3124b136f0f59b5e7a7bea4aaa7

SHA512
8cc5c8a5bdef7ca15a3b7b3de434d18bfe14dbf83656a8b7292830b5d8971ce675bc1730ae75052006a2dacf213c55ce2dc02721a07796a4e19476ec5d3f8478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
e7977cbddb53dfe05a6d318a05e98d00

SHA1
63e3110c339abe0797c941ef42fce187db42aac6

SHA256
cd01c284ac8eec702de79f4e45fc920d0d8ae6ee23ccd1b9a3e56190d752f6d7

SHA512
41d599915734319ce4d7ec30e35784f527fc8cd5ae54f276f387908982e004529dbede27194818b1c09b3337597830d9248246943c1d63f3d30bd8999381210e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
32dde356674dd447e066f8274e85b491

SHA1
3d5cf53e0559fe7942c4abe235ca8f5573525cd4

SHA256
eba8f1bdeaadf66c70473eeb657496e6af005aeb843b49b6c4440e5d400877e2

SHA512
c94d254b282bfc1dfeac47f73221692ea67d61f549422fd2df1bfd1eb8ef3b0c18fcca3304c333fd116943f7e612a03703c397a5c0aaa6a8501c75d2f1341a58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
ed50ad76ff1632e0111b14720c71fe66

SHA1
f43fefa029828fa294881e00ff69ed44dfb3838b

SHA256
4610110ceb277665312d914d3d6e93614bab65693e375f4278232fad22854f0c

SHA512
5a5be31b1abf503e6cc1dbc542c22804cd158e67733151f2292b4e46578d668ff690aefef1051bbe1525903d5e85b1604b1a933dcf672182a68904fb16d18ec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4bb3bec58e0627d57a97a7d47f68f4af

SHA1
cc10cc6407d2f99b37167f60dc5e7e5d778fef43

SHA256
cbdd2cabd23e2acfed820116abe5448c6c89aa9abae7e42fab1f9f765deff36c

SHA512
f3c74548eb53f3406096a2525dde22cee79f205479a23e880c9a45473ec7aa8303599483cfcb4bdb010201a7f8832c626bfcb07c7847900d2f11e382e030c5f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fe55.TMP

Filesize
203B

MD5
15d73097deae6844460fd79a7e294976

SHA1
35d045ecfd0832bcde7518020dc952cedb5a0270

SHA256
51067f1f047621bc3df8a516540c5082a287554ebec41916cacc8d11ca3eb047

SHA512
e3f3567d28e9ce2c028d716724c66c72885db0a2d5dee62f6d9cb5c971cdf1be58b06791ee9290e80da5dad4fcc57cb362b7d561931f8c2f169d0a7ae8664496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fce0df9693ee74dbc8243d3459cbe716

SHA1
8ff733a1b4c86ad8ee3c10eda08e63c581c49ff3

SHA256
a4624e6c6ba6671b1ce88e3cbfca843c94ac3d6aae6ea3018308fbb256ceb59b

SHA512
7b7e258a3e9fc9a35598196eb9ec1ce3588ffec0450edec4ca84a6ebe8bcd018b2d47954f716fb73cc9dde72954a916ebde69ca11ccdd9d582f09da00ba9b91e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
2ab7fb32d25121797bd68dd2dec75bfb

SHA1
7af7d5816840524fea5b976f125ac1cab67b3bfc

SHA256
a69312a87f9cbb0c256a6447b65e72220ba533a3e8dcd52ab5babf1e6aa4955e

SHA512
6c949afe6fa03965023a023137ca28e8b5b02bd685d97939a4c15928bbde336019dbf10c41633620a7d8f3d119688a8b10176c9ec993caceb7b48bdde8ddee59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8c09bd8e793b4f0b83e92f0341d4a3ee

SHA1
44f7c1d2391d1f9293aaca6c77b9aa6fd6ed27b2

SHA256
ae70a02439ea5cea7c6a446c3ae7d6b2d11ec139d26783e8794c838e784f92ff

SHA512
232d42cd0abcd6b8410b01da5cc13cf5554d242ee174ea3ea538e507e674a43fb9bdcd88589b7794fd40468259e5b56d104fa7ba8ccadaa85a25e3fa546398aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0a49587a24cf947af9fb20aefe492a16

SHA1
681f31ca8c10b898ea0ec73755c26e428356d6e3

SHA256
cd34825170165eff2a0b7376936c7ad8953010098bab279fdb04c93e13f1f3d4

SHA512
660e1efafe6e706b86ce5f37e025cc0713037abb793b1b34df1ebb7a3f0b7de1398e0172a3c053581f1e57745dcdd24945afacb74433f1570560c15f9a3da8cc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
c19c0a706e1a90a612c9bcb7e1ad0a35

SHA1
0a55a4a3bee24ee9ad1409cdf9144dc5c5975615

SHA256
c7789b3e028dd6e94343395bb6f439b0505d12d095ee86889db9d6de442d9a58

SHA512
d7a82d5245d06cf81b748a9db607b63e7d2cbc4bd85362bf9be2fb0e973c898aecf2a50fe4ef1b955ed9b09e73e6aa9164cc2661adb1eeb6b002929b33de5ae8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
7016047ae3c4598c9ef014623eeee21e

SHA1
8646df6871aac80092dbf908f9463f54a45bc54f

SHA256
75d88aec97360359d073bd359f686f8780af751f4fc750777aae0292210265e3

SHA512
682474b2a2e60abd4478e3955f20d8dbca1b2a7e7763dfbee784b09a1110a06ad408c4363dd36da5c71da25e859c7a8b69fd48d6f05309521bb729f28f3e81c3

Download Submit
C:\Users\Admin\Downloads\Argon-2.0.7f-main\Argon-2.0.7f-main\Argon-2.0.7f\Argon-2.0.7f\Log\argon.log

Filesize
1KB

MD5
ae01d774db442a08b5903187f151ca15

SHA1
0f6f6b20f99d79cead9dc02a346fa74f9ff98163

SHA256
352d0331eda1f12e63e4f36e5e53cdae06570218f1ab83eab5f170502264422d

SHA512
e1b5578caac986b8cf94dec23f74e98daed6656f1bcbdacf40aa0f1b470dccfe5ad2fa957aa69e3730ef7ba3a45a61d1c74dc6968ab3934439d767b5bc0bb728

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 794184.crdownload

Filesize
15.2MB

MD5
bf899a64621385c076e77c3142c8ff1a

SHA1
837cf94af0332d07484158d81293ba84df0cd8ed

SHA256
9f508ac5a4cb721cafae460f933ecb4fb71646faee3a41e5dfb72a124bbe5c2e

SHA512
02c8e701c44b8c6aea70bfc19c6fc4bb3321ad65acf824fcc4ff2cae73d956c7ff2dde4710b4ff90ea96035e69733c7c74e23c6ee8c242f2bce900bb97f50daf

Download Submit
memory/4192-614-0x0000027B39840000-0x0000027B39858000-memory.dmp

Filesize
96KB

Download
memory/4192-619-0x0000027B3A3A0000-0x0000027B3A3AE000-memory.dmp

Filesize
56KB

Download
memory/4192-618-0x0000027B3A6D0000-0x0000027B3A708000-memory.dmp

Filesize
224KB

Download
memory/4192-617-0x0000027B398D0000-0x0000027B398D8000-memory.dmp

Filesize
32KB

Download
memory/4192-652-0x0000027B3A850000-0x0000027B3A872000-memory.dmp

Filesize
136KB

Download
memory/4192-616-0x0000027B3A790000-0x0000027B3A842000-memory.dmp

Filesize
712KB

Download
memory/4192-615-0x0000027B3A3F0000-0x0000027B3A488000-memory.dmp

Filesize
608KB

Download
memory/4192-613-0x0000027B1E800000-0x0000027B1F310000-memory.dmp

Filesize
11.1MB

Download