hxxps://drive[.]google[.]com/drive/folders/1p99HXrY5LZaidBnZI7znpIyaIXboJCmJ

Analysis

max time kernel
332s
max time network
332s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-01-2025 11:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1p99HXrY5LZaidBnZI7znpIyaIXboJCmJ

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
9	drive.google.com
151	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4164	2568	WerFault.exe	144
588	1884	WerFault.exe	151

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM.Picker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM.Picker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gScrape.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gScrape.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM.Game.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
868	msedge.exe
868	msedge.exe
2844	identity_helper.exe
2844	identity_helper.exe
4796	msedge.exe
4796	msedge.exe
4376	msedge.exe
4376	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3528	msedge.exe
3528	msedge.exe
3668	msedge.exe
3668	msedge.exe
4504	msedge.exe
4504	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 868 wrote to memory of 4296	868	msedge.exe	83
PID 868 wrote to memory of 4296	868	msedge.exe	83
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 3720	868	msedge.exe	84
PID 868 wrote to memory of 4920	868	msedge.exe	85
PID 868 wrote to memory of 4920	868	msedge.exe	85
PID 868 wrote to memory of 1648	868	msedge.exe	86
PID 868 wrote to memory of 1648	868	msedge.exe	86
PID 868 wrote to memory of 1648	868	msedge.exe	86
PID 868 wrote to memory of 1648	868	msedge.exe	86
PID 868 wrote to memory of 1648	868	msedge.exe	86
PID 868 wrote to memory of 1648	868	msedge.exe	86
PID 868 wrote to memory of 1648	868	msedge.exe	86
PID 868 wrote to memory of 1648	868	msedge.exe	86
PID 868 wrote to memory of 1648	868	msedge.exe	86
PID 868 wrote to memory of 1648	868	msedge.exe	86
PID 868 wrote to memory of 1648	868	msedge.exe	86
PID 868 wrote to memory of 1648	868	msedge.exe	86
PID 868 wrote to memory of 1648	868	msedge.exe	86
PID 868 wrote to memory of 1648	868	msedge.exe	86
PID 868 wrote to memory of 1648	868	msedge.exe	86
PID 868 wrote to memory of 1648	868	msedge.exe	86
PID 868 wrote to memory of 1648	868	msedge.exe	86
PID 868 wrote to memory of 1648	868	msedge.exe	86
PID 868 wrote to memory of 1648	868	msedge.exe	86
PID 868 wrote to memory of 1648	868	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1p99HXrY5LZaidBnZI7znpIyaIXboJCmJ
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe814946f8,0x7ffe81494708,0x7ffe81494718
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2668 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1960 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2668 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,3365828017967135060,2918613073372683228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6708 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3544

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3480

C:\Users\Admin\Downloads\Keyword Scraper - by xRisky-20250126T120208Z-001\Keyword Scraper - by xRisky\gScrape.exe
"C:\Users\Admin\Downloads\Keyword Scraper - by xRisky-20250126T120208Z-001\Keyword Scraper - by xRisky\gScrape.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2568
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 1088
  2⤵
  - Program crash
  PID:4164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2568 -ip 2568
1⤵
PID:4016

C:\Users\Admin\Downloads\Keyword Scraper - by xRisky-20250126T120208Z-001\Keyword Scraper - by xRisky\gScrape.exe
"C:\Users\Admin\Downloads\Keyword Scraper - by xRisky-20250126T120208Z-001\Keyword Scraper - by xRisky\gScrape.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1884
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 1056
  2⤵
  - Program crash
  PID:588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 1884 -ip 1884
1⤵
PID:1676

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Steam Account Generator v12.1-20250126T120244Z-001\Steam Account Generator v12.1\accounts.txt
1⤵
PID:5016

C:\Users\Admin\Downloads\Steam-Achievement-Manager-7-0-25-20250126T120322Z-001\Steam-Achievement-Manager-7-0-25\SAM.Game.exe
"C:\Users\Admin\Downloads\Steam-Achievement-Manager-7-0-25-20250126T120322Z-001\Steam-Achievement-Manager-7-0-25\SAM.Game.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4720
- C:\Users\Admin\Downloads\Steam-Achievement-Manager-7-0-25-20250126T120322Z-001\Steam-Achievement-Manager-7-0-25\SAM.Picker.exe
  "C:\Users\Admin\Downloads\Steam-Achievement-Manager-7-0-25-20250126T120322Z-001\Steam-Achievement-Manager-7-0-25\SAM.Picker.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2148

C:\Users\Admin\Downloads\Steam-Achievement-Manager-7-0-25-20250126T120322Z-001\Steam-Achievement-Manager-7-0-25\SAM.Picker.exe
"C:\Users\Admin\Downloads\Steam-Achievement-Manager-7-0-25-20250126T120322Z-001\Steam-Achievement-Manager-7-0-25\SAM.Picker.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SAM.Picker.exe.log

Filesize
410B

MD5
3bbb825ef1319deb378787046587112b

SHA1
67da95f0031be525b4cf10645632ca34d66b913b

SHA256
d9c6d00fad02f7a9ef0fcddc298ffd58b17020fb12b1336d5733237cbfadb1e0

SHA512
7771ae543e188d544e1bb6c65e0453a6777c1c39790a355f4cce652a815bfaf94dd426de3db910a67bd06e463ac0143d9e2ca44d2b12af7f0d84c27b4a09cc54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\380daee8-53ae-4b22-940a-d1b9afeab3cd.tmp

Filesize
11KB

MD5
36b204d4a2934020442e316f6bc19c98

SHA1
37ec0de135a75fb8c90189ed8fce152caaf3285a

SHA256
54255efc59e52edce7ab21d1b273fe2fbd352342ad6565cd5002bac6e41d7939

SHA512
26812fb7713a65094b0cf0860113a61a3ebc2e0cd9bd1c7a4c61afe1a8ae9d38e702641ca813f97ffaec25e614f169c8e72483a6f1c29ad27b5471673587d9ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8686cfc8-ab1f-40c4-87a4-dd26619f63e6.tmp

Filesize
3KB

MD5
c17947b21516be732ccb8f4ff8142319

SHA1
a352e00b79b5eefcce5c25ac9e3069a4080026e4

SHA256
f050f313e1aadff977c520e1f8fe910bacf8910e57e0c35aa7b87b7d9ff5ed4c

SHA512
c4f82c1cb01893da790ac33078153b50b1639f0051b110757e8b5ca3290deeb9597b5dc0665b3be118a8f3c1f4541de1b7f0d4426c8e2c85afc4d11b736f85b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
215KB

MD5
7b49e7ed72d5c3ab75ea4aa12182314a

SHA1
1338fc8f099438e5465615ace45c245450f98c84

SHA256
747c584047f6a46912d5c5354b6186e04ea24cf61246a89c57077faf96679db6

SHA512
6edf4594e2b850f3ede5a68738e6482dd6e9a5312bffa61b053312aa383df787641f6747ac91fa71bb80c51ed52a0c23cc911f063cd6e322d9a1210aea64e985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ef70572db0496b9df1b5cb4489cc37db

SHA1
79c73913fb5df783fd1b711ddf9ac531ce72cd39

SHA256
b97f5bdd401844865fb9f8021ca734c513f60c07028ac565c5fe2c48a88c62d2

SHA512
8d7b5226fe66bc92e56505cb079a4b6099b0e8d76e302f4560e335b27bab0a484df2ac919e637897f886b969944c1e107ca959a027fe72193df1ec19e9ccda5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a0045e5aa4120e2d13625ca30f014b4a

SHA1
f87509d3df5c8112c7c3ab2854464d74c0113af2

SHA256
38a586f40512e1f3893816d9b8477a4fbe1309f6fbca470528eac818128ff583

SHA512
ed00a02bb2303da199d5ea26680d35df0e9c49964fa2c6891153569040e52749319ca9a5e9c932bb712f75914e8d522cc7b60718393b735bbcf839867342bc2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
515c1e2f2a5718ca30eb17bef5f8059c

SHA1
3947c8e55618ad714d7aa7bb39a028590a09e738

SHA256
c211c8b463eb56d369f9d7e3dd99e6d62631425985f7ee6dbeb11aa7ff7333ca

SHA512
86ea8a8e50f92015164c85cb495a74384a850a5ac047ea2fd48470c5457fcb95c9088c4327cc226ebc9a07a01fbb49feeb84dfe9ddbb3e383258eddb8d47fbfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9a049ff95cc1f622599b8691a64eb263

SHA1
6ebbda8bd1f26f1101301c92c0168d2c73843026

SHA256
a8773b8b86c0204b21dd05077a9cf46aefee65d6f9e3fe6148e09425caf21429

SHA512
40539855ad6b9c33f09edf3cb370475fb3a16b5c2a218149b1486392f38ac1014e4faac59a02cc1405d113c4cab86e2f0589b8b452ef08d1b826220c4276446a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
7f326db7d2eb8d2f0a7bc61e846eb290

SHA1
40fc38cad3a2e9514b0fa636f41b36e3fe8ef2a1

SHA256
99574bc4da676b176ce97142df553e3a39b480827fa7ee3a2489771430a0bb1f

SHA512
3bb1205a47bc4bafce89d88afac4d225ea7f8625114f71ed639ce7544b00664dbd5b3454e1ee87bcb91ae4cd1fab35d2308d33eb8aef4333f763dd070e2efd93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
3e2138bfd33c4acf9794ab16211eaddd

SHA1
68aab27f5c444d35b4756fd7657caf6779b5b4a7

SHA256
ab62ed671c4ce4f542a2ec30689c1e63edd3805ea6968c2b3a6dcd5060017035

SHA512
6b695fe621316073c6eeaa6f6c51dc5c17ba48aa1bee8a7a40135794ab5fbfb4374c5265df8c0a66b3676513e0337d4e9c5aee2b12ec04d57fd2fffdee02b6f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
619b72fc869e91df82a0b60020d86a75

SHA1
01ad4d284f0e2383d45aca54e8c3d0dc4a2c5894

SHA256
8df8a4058e2fc0b06c0b13edf211fa1a283a5e5786064e5d24140d5fa8b7d71f

SHA512
d9f520822d2f74948c226c51f45f2053cea90745e3b4b74b5ee0e14caf1d7097a0a11caa5e4258e20620f6a2403ddbb337f004d8cfa4199229aeb6ebcd9b2411

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
11d4639d6ce08eb03253f0282512011e

SHA1
672f6c59f00bae8adf5b30513cd7a359e7cb2c12

SHA256
28c3487a57f1bd6a700ecfe6e05c935482a3d6a144292af086f463d022010a33

SHA512
2029cd5942cbab06615ce4b79559aa1f0d627f13ba813d11783b0e786e7fa689db4b8a81424fc7dc5bd7937a9db46bb9ba05db48bf8204ab9145033f211bb714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
88850adce0092c126fe30fdfad929919

SHA1
8b5e19715654b170061b68420ed048df6d757f8e

SHA256
f3c4ec5cc49b9fe3dff9f7e5ef2f9ddca5ff1ec3a00641d1a1d46d7e1f63e552

SHA512
445941ddc2d894bf9d479a8ec05fe47146bc1b3c491a965af766d6327489b228352b81d37e935fb6a0ae87b8eaba1bc17831552a5b0b4bb85f1481eb84cb6e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
119a8a5dc84371714d9c00ea580c4d4c

SHA1
b3ceb920465160d5fe51d9f0d61224b61e044147

SHA256
11ba3f7c2fcb1bd16cb898bc8432a5274f6abf7f19701a05fb40954321dd60b6

SHA512
350a4ddd20380726fa3fd9334ed0788e4a63853afd4916da57ae11e031b907651ff2012966024c7de4e0e77adc428bc93087f926e7f27bd37842dde22a6e50e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b7e2ccce2038b8bc4a2cb0bd7a443966

SHA1
b8d06bf2c475e087340466f6bdc587ffe31c59da

SHA256
b51129c68c67634d848902c3efc7a837b10828fdf5a6ba3402d7cadcb5e6f11a

SHA512
0172d42cdae6f81a0111dec9bdb7f4648f579fb1140095353c51d82a2f916e8418a4a71b36b23846f5e4120e8b4edfd8095878a158b017f96baa164afe37f521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
adbd626bcfb6d10b2555e15bef309940

SHA1
b236afaee251a9e97135cfa94a41cbec67befa69

SHA256
8757ceebb52b0ce76368a2a67453a54076b1d0a75edfcf299357a796e51eee30

SHA512
a7d6077c9e2f5d2dfe7e3093c19988f70711c33164a7c9d4f59c0176f6638e593463e0718bef714d202165e84d3de3b32da2b1e8c529515b56a4022264938e7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a82a4f739381ecea74c58c7a442c596b

SHA1
3b7eb2bd4a5f28bcc41707359948b8f4ab358c12

SHA256
db9d03d0be8ee5ffea98bfd4c337a3cc3f87a98bf8db87d179f280a0e7b6de89

SHA512
d4d3c36837a35dc4e06e03b27414c4705909fc9c697a242da4e40740918c9b6107edd1aa5beeee6f99eeb4622f138db9985c10c98f312104c9e21cfe7dbd3290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2874af620720f868d3b5ddcda58df740

SHA1
63437dc91c13fd5359012c4f2c868753a664547d

SHA256
e49dff921b499482e5cf513b2f54012362c5227646d57c35549d6a1b526787bf

SHA512
5047a4319e73676b88ad2175fcec9dc8e66ade2bb40e6c775a6b03b5f86ae6fe9fd9d3290ef071102626580d748ca1bf956b5c9647ec4d3de5dfa0eadd99a1b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fd55d78c5d489372d6191992da7f853c

SHA1
f2b296b7184d38b3388caf9223091dfa47102fa6

SHA256
d735fbcbc4b65a6c8479628a58dcca898ea4bddcaccbdbb7e63b134ffb6c37de

SHA512
0124220dea2d5ba8b7c29407d1d6b0cbf7b19c14d36a0705c85cdc0bec4d4972f4e90c59271c6deb10660efe9d6689eab6aa5825c15f101127d91f69189c88c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e3737b504631d818624ec70adbe10618

SHA1
b7b2bf4abad58aa449660cb31757314e29dddf26

SHA256
67672a984c2b98f1de5c146693db98b56d585354e7a98476cf42a2d51ad61dfb

SHA512
5c5a16c6874023dd55252adc9d67c6d8c2650b04076c64ed25797ad643c2d41f374587598dc86ac5e01efd57882217ac5cc221fbc61c3962af341c31f84a9f92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ea706ab272069adf5f7328df30f88607

SHA1
d0b042cdec63b46d5605640239db86e2b8b6bdac

SHA256
62f8431def8fd786664ed0e3e44bcd5e3b39f0bddb549d70af40d24cb74d2e74

SHA512
ea72026c31221dd05a6d31e99937aeaa484a1100bc38e1e69d8b744e8bac0bf846602fc66f9f9333cb95df8dc8869124d34f80fbe0efae9313da5e9852cff2b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
565e6afe945e59ceb8263771059e80c3

SHA1
875417a03bc486e3b064323a066e1257fbe23e40

SHA256
1109b7501752f9580526cc15609ae7d77859001e8c8d06d1fba009a8410738be

SHA512
22db173be254fe4d384e2762f93c3e9cbd8b6e51423ddae334864939fcc075d083a64a8fe2c46a8fb9afdd619d3542f93d74d2b05ac736e00f6626e6aecc811d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bfca1db99f427031df1320a3f38a0159

SHA1
9afff8264c4f7881c96c287b93ed41a0728d8839

SHA256
7022f4bf9d171fe4f86669ddf98e2b49d6fdfa242359589460cfa9646a975c0a

SHA512
88428637e83b9555c60234fde1567bb79845660e54ad5b74844652436cb999777e2d0b84ad4034917b9deffa463298404cb2762cf6b0d5769d71590e505ad398

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
182fcebaa4928f4a9ab70d8dff070a6c

SHA1
f06c7fbd159bfd583638a01d300ae97b47103343

SHA256
d517fb3b1b7a38a314f08973bf9ebadc7f5e4173bd9772517fb503f717430819

SHA512
3e92f6d6b443aac66ace57864431c33d42e965736fe6d20a9f69677ae452662e133873fc640b6afd23795322e2d9e99e5a1355b068e429bbea295d8be594a838

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
efb8982ff38329e64aeac38d9b58b384

SHA1
04c1649f6f693125c4e79ca919027e2298e81556

SHA256
b4fab4616f9b3a7cb3ff82c8f9abd0ae3b419a3cc17cfe1bdbb37074009faa6a

SHA512
855a861dcdf17ff90009160224709edb96504e1347aa53e102a11b4ef0c6486c2c51b1274cebe612e8fd20ce62bddcf093c552e51f3bef2230bd2651f9c676d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d9f2b5e451281a857844f01b68ecf7e3

SHA1
f63206590bc1a2d9a0a6245f919c0b685c21ff8b

SHA256
65692e2ed99872991c374bfcf359fd70f7921f4e92e3f69d811b20c68f9bbef1

SHA512
047cdcd0728f39bb3e803290d4c7ebe89fdd14336eb317d92ced8dcf625cdbb953b752ed9d86436711df5e73e2d5d499e0e273d7ff7ecd908a7f88573287449c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ef1333400ffc9db752244775935006e5

SHA1
ee817bbcce767f4981fa53e5a0cf5eba6c5e38f9

SHA256
b3559f7296267580b7ed11e46c5c4781987e9f82d845bdf99e65e4e9fae36cec

SHA512
a5e7778008a6a143b5de0fba0f17ab63ee992c2f555ed6039fd06d5bd1834e156a88176b9ca5c593aa52e12f8db58a72967bfa21c3461faf7468491807160cd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1a011065f82c6f6107506d80baaee9c6

SHA1
9856e443eb67e67e012520628ec65bc856d7a700

SHA256
ce0b860ba1f70776153e64e58e1d70373cd4e9b41d0db2934a1bc0a416f2a527

SHA512
65da735d00722123ae564b3db17e9450d449428662ec87a88b253bd6a92bc16a07a716360d261137ebf387f4312cae9c2e150e52f1d140cb8fb674d10b6f3389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f33bae7e85ad988f5f98efb92ffbd8ae

SHA1
f0b13e8fc3b7566129444c13d1eb53904c8431ab

SHA256
aa8dd910e5fa2fb489bd44a2233b7034cb8359df8b7da57d4c9b56dda18aaf17

SHA512
052340dc38d329b2abb89fcbc2f4698fbb7e9555aaf17016b680d55273a373b2157187d94df8804bfa365a826c418fe74076a0803b6a4f1f72e6c04d02f4e914

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0d9bfb1d8a70ac42d42e58eeeff6569a

SHA1
336b56ed343828c74652bd83a94361f1a649c8f6

SHA256
86d6b893d771093d05dc9dd2900eb82fe22e251554032bd50bc039a571b6b7ad

SHA512
a9fd591297a2072ac7a4224dcbc00c75123ad843b92ae6b9333deded2db2fe47214a87fb1dff48a92f7b8d91100971c478049cb172ec05b8973358600b0dd8d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f3b2b89ef51b17a89abd7b0f901aef0b

SHA1
1090045f22177af0193fce0a224ff027e06fbe59

SHA256
1d30271165980e412aadf1279510901bfb37a6401adbd85349267ec80849d1d3

SHA512
f09395a5cda4935ed1c56cba3c4c9edb7674e5dd23371e39a951ef8da161507df9e56d87123b05b6c1cf4fa2b36da874d0d713e4d4b4506d5d36a1eda3673026

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4c1904336224f51b7e221151d5405210

SHA1
e468ec8eed1084a5dc5faa5c9d8316e94d0b4c8a

SHA256
f71636e695229757b2a1a3ff608a60607c491767b0ebb00a4c2b0009de523aaf

SHA512
f5727e32911352e3ad26aa29f0050e104c2627deef8843b8ede6b795d442d95567713d75ab59df02c5c8801407ad36e0778edd3da1ae1b7d2975d0fcb7583943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7c2980a26cd06e7b12774c67061929b8

SHA1
35126c80062b7e776ef149db7a8fff2742eaffde

SHA256
1b4a699ea05b3c7bf606698d140d9c0d08c930127e7d5907797140436a0ff6ae

SHA512
ff2dd3e56085032baa8a9f09183dfce9bf83c103b6fa59000d349ff2a58440c346daa0ce1b3c234eeb767d9b29669b2ee5cedd9dfecebcec86a200d19453bc9e

Download Submit
C:\Users\Admin\Downloads\Dox Tool V3 Cracked-20250126T120013Z-001.zip

Filesize
432KB

MD5
916f1992ef7f3bdfe0e5c3dac4246e45

SHA1
65fb45ddac888b314b1579c38ebfb88432f200d1

SHA256
34de7c3f872eb36ab0b0e004762867cad9d020ec44ea9542558094c088508ae5

SHA512
6020e48a96b29eba923e3e4971743b46f0e08e30ca2dc67a9161e8443e6cda67aa14ddc21fad90a7bcde95745c89e76b42c53e6f73165d7f1f381832d36da37c

Download Submit
C:\Users\Admin\Downloads\Keyword Scraper - by xRisky-20250126T120208Z-001.zip

Filesize
308KB

MD5
081fc3fa6d02f5aaf0378bcc2ee15455

SHA1
457f40efd3f13d4f4078038d0d89c5ac043aa12e

SHA256
7809a08769552447596ada9c02b69b9beba3949e1b6d5b4be85724737565885f

SHA512
6f26575198562bf8c6c7992ad1d86705deef49e6e99411aff8856d4f7403163445fd9539dda62d9a98ee4810130774bd95b69325d6575289c07aeb49cdab9066

Download Submit
C:\Users\Admin\Downloads\Steam Account Generator v12.1-20250126T120244Z-001.zip

Filesize
76KB

MD5
0eec4464df5e48e592d3cdf54bc85ae4

SHA1
55c70a927bd7f4dda004efbe10df8b5b27bf4877

SHA256
d0ee1f171f956d3141c5892658bf9c0ce5a9dcd34b1916f7ba21971dfa2e3aaa

SHA512
3d9c9b48f5ae129f52a96af445749e6977241acd3fde820e3305cce081aee8a56d627618b21e725d89a18947c4893ebd8ceba3f544e931d883e29a5b9be7a9b8

Download Submit
C:\Users\Admin\Downloads\Steam-Achievement-Manager-7-0-25-20250126T120322Z-001.zip

Filesize
54KB

MD5
b36d40976be192e282bf83922d9cfaf4

SHA1
07024c3561110e8a257a8a6a82c2231590474fbb

SHA256
7476bcbb565097ab217f1b9d0cd1fcbd9e933f728c577e23042654acf1f965fa

SHA512
80d35695e4e2900b4918ec9c3fba5953b859417f3fab03095306f02e19306111ae400a54400c8154daa2ab4391a005e0d6f00440ecea5ceff91c25132e034cba

Download Submit
memory/2148-629-0x0000000000C70000-0x0000000000C82000-memory.dmp

Filesize
72KB

Download
memory/2568-587-0x0000000005520000-0x00000000055B2000-memory.dmp

Filesize
584KB

Download
memory/2568-589-0x0000000005890000-0x00000000058E6000-memory.dmp

Filesize
344KB

Download
memory/2568-588-0x00000000055E0000-0x00000000055EA000-memory.dmp

Filesize
40KB

Download
memory/2568-584-0x0000000000B80000-0x0000000000B98000-memory.dmp

Filesize
96KB

Download
memory/2568-586-0x0000000005AD0000-0x0000000006074000-memory.dmp

Filesize
5.6MB

Download
memory/2568-585-0x0000000005480000-0x000000000551C000-memory.dmp

Filesize
624KB

Download
memory/4720-627-0x0000000001480000-0x000000000148E000-memory.dmp

Filesize
56KB

Download
memory/4720-626-0x0000000000BE0000-0x0000000000BF2000-memory.dmp

Filesize
72KB

Download