hxxps://drive[.]google[.]com/file/d/1RDeGwJy12IQRaim9yNVXNPcszpQPZTYG/view?usp=sharing

Resubmissions

29/01/2025, 10:17

250129-mbhz2asrfm 6

29/01/2025, 09:49

250129-ltm62asnap 6

29/01/2025, 09:31

250129-lhdhfstqgy 6

Analysis

max time kernel
269s
max time network
271s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29/01/2025, 09:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1RDeGwJy12IQRaim9yNVXNPcszpQPZTYG/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
7	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2020	msedge.exe
2020	msedge.exe
1508	msedge.exe
1508	msedge.exe
1732	identity_helper.exe
1732	identity_helper.exe
212	msedge.exe
212	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 2476	1508	msedge.exe	83
PID 1508 wrote to memory of 2476	1508	msedge.exe	83
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2980	1508	msedge.exe	84
PID 1508 wrote to memory of 2020	1508	msedge.exe	85
PID 1508 wrote to memory of 2020	1508	msedge.exe	85
PID 1508 wrote to memory of 4376	1508	msedge.exe	86
PID 1508 wrote to memory of 4376	1508	msedge.exe	86
PID 1508 wrote to memory of 4376	1508	msedge.exe	86
PID 1508 wrote to memory of 4376	1508	msedge.exe	86
PID 1508 wrote to memory of 4376	1508	msedge.exe	86
PID 1508 wrote to memory of 4376	1508	msedge.exe	86
PID 1508 wrote to memory of 4376	1508	msedge.exe	86
PID 1508 wrote to memory of 4376	1508	msedge.exe	86
PID 1508 wrote to memory of 4376	1508	msedge.exe	86
PID 1508 wrote to memory of 4376	1508	msedge.exe	86
PID 1508 wrote to memory of 4376	1508	msedge.exe	86
PID 1508 wrote to memory of 4376	1508	msedge.exe	86
PID 1508 wrote to memory of 4376	1508	msedge.exe	86
PID 1508 wrote to memory of 4376	1508	msedge.exe	86
PID 1508 wrote to memory of 4376	1508	msedge.exe	86
PID 1508 wrote to memory of 4376	1508	msedge.exe	86
PID 1508 wrote to memory of 4376	1508	msedge.exe	86
PID 1508 wrote to memory of 4376	1508	msedge.exe	86
PID 1508 wrote to memory of 4376	1508	msedge.exe	86
PID 1508 wrote to memory of 4376	1508	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1RDeGwJy12IQRaim9yNVXNPcszpQPZTYG/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd94b946f8,0x7ffd94b94708,0x7ffd94b94718
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=3964 /prefetch:6
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3000 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7536 /prefetch:8
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7704 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8108 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7868 /prefetch:8
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11926914694061061577,13425926077350718234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:6116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2300

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x468 0x4c0
1⤵
PID:2944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fe531fafd30df9b94784369ceee5dee6

SHA1
4dfd7766ed29030dc2ca472b058dc1502fa0fe82

SHA256
aa2bbd790318016c4602ed0b6952a795201d7ea791dc878a7c018b57a44b71df

SHA512
875fb0377233f1693ea714f32108e5c0f95b70e24ab419f1a6995653c1c1cd9c8ab80edf720b59407b2beb106fea8653c11a8f1c7830d037107794c95ecae408

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
6a0f11d8319c06479f3e5d5b8a1b8980

SHA1
de59ea65578b272ba51134647f0118b37f3d643e

SHA256
23dd7c83bdb44671322861876c40764d4e5cbf448daa6fdc56b3e1fdda78cd28

SHA512
7471919e6629b5d960a19a7e66181f20685c78c153ccfbf5e9a36c130259102784f62eb5d8bc66b9e6a2ccfbf73f25ebf6732f782e93a850d1344d5fecb08e3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
958e0d647853781f2cbe98f49cca3b30

SHA1
7388518dda679ea4d34131da72e03673dbcd9d4e

SHA256
5bae4458cffec14121c266506c527cccad2853c7ae631f54b706e8747059ffe1

SHA512
e41d4ffcd3aab7cd2017ff4c8ab1731941e6135730cb2200b0cbab9a9eb0ca96d391a7e9d8e5f49249771ed2c9b8b0acf7fee427864f522fc4d7ca9b3ddcd050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
58ecf3697a8f268d6eb8ce1419a400eb

SHA1
64bbb3513d7a02cb1f1f037504c31a3104df28fa

SHA256
76b84be7e80769423271cc168eb2a184bb77ff1e3e650447e53b05a087857064

SHA512
4b97e36748e21ec7a0b7229b3e79ecb643f42e660ed62d8d8c3147684071e6d337b40fe36c5bca0ff8a577972be9834183b0ed284c6183bc3e1c6b5d0e7b8fb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
42ae9574adc383d12899bf34e8fffcd5

SHA1
949e9136ceb32528dbe96660770ea9f5f457e1fe

SHA256
a117a46351087a134f81f016e696b5e787c5269e37d07aa50eb4c6d3cc355cf2

SHA512
1040dba2baca3e2d32415b9e1b2d25fcc5ed43dbf7160272d1714199a1f769d390d675a54adb9830bbe24183c665df0c8a7484f412adc230046c80abb0903b6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
7bd5159cf2d6dd866fb0127c2d382510

SHA1
504223d726090160d69eec1787f62a7b897d3b87

SHA256
1fb22166bf7ca8830d3010651f69bdaa3dee6ac95c7481bbea1df54b4799a828

SHA512
9df2afc7dc919cceb233634f177bb19a3cf69af387f5f903bc392961cdf5cf237aa4a0e466013ca982e37d6c89a67a346d19134c5cf2d069e3514a06f7dc9c51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
2938b37a65d56e5f90db955786d121de

SHA1
51b860952fd346bd50d2e81dac3a092e1e38fa18

SHA256
cd82aa4c3d927927b9c8626415792ceb90ce007720e7a7c7187b009bc7b03a12

SHA512
1622128953f17c4d39251a4af645df9b42a642b0aeb5088d3bb313623512a3ead3aec40d1f10167676a4556e034896895929e1890834d88d8b3ea21fb2849941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cae93b7c37af239629549336f8cd8b9f

SHA1
0f2bcc6e5d3b696dcf4f1df393e0b8b55bcdbcb9

SHA256
7a3eedae40564d7ad9b65abbb93b2609683c4cf78efead0f7e426b31ede566a9

SHA512
7d24ae7c2eb93f9043b6c5373f9282228e7e5175b325bf271455fdbefd8d374e20486210d083a2511f4559e2fd020b775192cb5a075c479819de57e7f70e9f6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
77313251bfe3288482ad573eb3126532

SHA1
be6078ac52fc147209896916352267f073971b38

SHA256
91f11fafd8669a23d86fc01a60a4e8ca3ea47752cf9350a5c175e9418fb072a6

SHA512
f2447f78286b96426a00b3123b9d156f74e67f1d9a0f718ba0bfd6667f7895212e9b28804f685ee39ffe3dce0bb8e968ab98be5e830795b06d031e2b9a5720d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2da36ce7a01c6482da91906964011fc9

SHA1
72fdef98ba997f37f24aad3d2e529258a2204a28

SHA256
85d47804b76136fa75a400f14470626b8062298b6ecc543dccd324fbe577607d

SHA512
bafced163a29f11dc7671ed2224d38e50f04c97510e317b17cd57f69e986f97b2365a79a12f5f38052fa6882b559809fe1babb75eb592110bb06fd20b3270e39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7fa48e313c0ec3615fd8bfaa9d213d45

SHA1
2ca445e071d9b440acb990d3daec845e648f5899

SHA256
5e8efa7773dc02e1b7b63a974874e81edcc9db15ef7cac98bf109b4c9095614c

SHA512
64eeb1f65958b163c941b63a236a235a298dcf7fc2e458018762b4d8ff99862516d0aa6574af9846f754367a2bd8d89223d9e4b1f2f9e0117fdd698c077543ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a971bbac38716dd7249444b5abaef344

SHA1
a529d78534fdbd86f511b4a2df1fd25610db4fff

SHA256
77751d01379395e97d0ba0ab2587cf513770845c158442e2ba563787ecdbcfe4

SHA512
fc6149c3af0c61bcd79f157d32d94e46d0d83c26e32877b1b7f308ca3e556e2454fc7a5f55a9a1a67453fdd58c3d963fc3454428f21d057ebfa0507ee0d0fd0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e92929196456cdd1242322803208eec0

SHA1
e36d4e86982fe0aed67433dc22f5754fbe9c9373

SHA256
dd50eacd4de91b21e779e8460d828c4c5199dd231442f1c7fc9ec3f63bd8b725

SHA512
fc75f1329bfbab007a03713ec7759946eef4d5d7ff92238ec8c8ae3c1c3b0888028ddc7f12f15779c88d9e8ad7a1f1682ac30d50fbc64344251b54a529660964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7fa13ef9a70e819a485c9ef5a1f2f30a

SHA1
fea3f6178e037e09955f3b3f4dbe35b4e3d778d9

SHA256
774447005ead3f97aa6e8f0a1b928853a20423612b606e7f4f535160c825fc1e

SHA512
970fa50367dbec17e537473e23cd98cd78c69f912f7dc253a78c93bd0c8b029971add23dac9e84b630015437dc9f87e2031f96984b3c72e5d4729845f24ab852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
512809713a516c7c26ae3a74ab5fe0b8

SHA1
9daf1fbeba54b731f90eebaaf09eec247f8e118f

SHA256
a5ca6bbc321eac2a1ece46b5867cf05fba391b1681e90e371a17ac9b4d11c2e1

SHA512
1e94f7d5c84b4d0adb7b652670bb5e9227d393c417c8d108aa155811d6ea80d6f15b164fc12a284491aac6370cb937a1a244920dbe66d915cf14bf5370a86529

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4e2fe340a3627e293d313e69afff5fe0

SHA1
544cde8379dc79ffe096ed3f4bd6e27644067c88

SHA256
0230bc178b81ab9cc75ac0642dace0f048f66f681f3cdb2ba0150da91c413303

SHA512
b0fef9a7844e50fa0a4fea746a72cd4addffc4eafcb8321b7f204d12c90169efea10faa8b0c77a9e4bf43afb32f71e354a0799af3dfdd2eb29bbd1ba7afa0c97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c9d2b24d32176b6d147bdd6b831772fb

SHA1
f5df66d2ce9a6d87334bae7d912001b3e82e944b

SHA256
096ba5b023ff95624fb1a626a34a2a5a4aa844e77cae0724e3281b4adc86b3c9

SHA512
94e2bab5291924a72434d7a7e0094fdec99d3ef95369239c492f03997746a463ee87ac9783353e4ab0e1001f1fb7676c01289ed5e956d4c6292577e79299c24f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
87c44fc863aab56ecb20a8c1107f84d0

SHA1
5f3619bc0bc77e71bba88c00dc3f9388852713d9

SHA256
da0cf7e744c3abc015c49227012132436d9eecee447190aa5b492e05c46f97e8

SHA512
c89ea2a85345d9d3e6ce9378b6c06dec62515b885e7b5f8f189d860b4d25f620a45c3da08679c909650af9e2fb7865ba413f6b67c8d2d5fe622e21d17ae3f0b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f0d1afb1de7825b0dd147928d9f3fff9

SHA1
2a0566ba64c6f3f8d80326d2d406a76c148d6258

SHA256
1966d904f990c8ee52aea95a13426c15f589fc3733082d94665d5bf56f36b467

SHA512
5852b30f4499f18b56b5bb67b7caeb9c669310336d8bbe410a8e2d0d9ccefed0333cfd8e8251b26074d149410e1e28ee54f071088002795deda706cc8bb412d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4ad863b972315c2b95b7c86081abb1f2

SHA1
547ab5661571efa8c1554ef7e4c8f6c9f0637495

SHA256
718f7420eec05b62da56ed663b8a6699ff7529cb9c8a13d82d812be4c82a88db

SHA512
3392919a6c37dce53df558213f580b98523c26ff3efd2059e6561e03e732073644ba9e9cfd605e21aa048097066dc8bb17495e4a07e4cf6b072ceeb685b5326e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
31a774076dd8a8330bcd4cef3e604134

SHA1
15a806ad39903ad167db61269e5288ce53ec3c41

SHA256
20b1b142333ff4af0e8e211b0744cbc47477b6ea77b61a8c5f8b9411974f7adf

SHA512
df4910da67e983902f8de67ffef80d418bea46fb01cd857bff61cbdffd67270ae2829b75892af710ba7877777c40bc635727b2a5faf956ede5a5a8e4292c76a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59a82d.TMP

Filesize
48B

MD5
3a0896a0cbbacefad05e40299ea918d1

SHA1
5b75830f29ab9975c01404c4108868d36ed0dfe7

SHA256
fda377634c909ab7c23f9dd4cd4833bc2f7ec56c9b42630734927ec74f9b731f

SHA512
55adebe726560867584bdb094265bc89d22b73e337b472f9d109a446b021287df15f20cb9e00ed8a2c1f5aca190d5c41a8300450c0a98fd3c2421ba76e2cfc45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2fe8233e13194bcde44b7d64838cbc22

SHA1
82f60ae2d1fdff61246fc4e1fe11c61db9841c3c

SHA256
1291c13fadfdd01ae05cb45ed528bf9e9944bfccf5cc5e28836c8fccf5cfdf08

SHA512
f9daff5f2402a9b806961d64ec6309c6e1d567e715fa8f6809a37af272643d7eb1fdf93e713a878a4b040a79da29ee3e5cc53d9b5b4d9ec22a6ba22e3ba72bf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f7affc520301111c55feaff31b5a9641

SHA1
a926cf8103b48d4766dc3b2c5bed324f3290cf9e

SHA256
f6fe68d3bf76dec59d2805d642a34391568de191679fbb2ec45ce4773abf7d2c

SHA512
ec34b43dec9345582a43dc69401f36b2a6cbff46a5d98fb695bf8967eede1f18f427c5ca986d087f1d3d2d8a91aa70af918b83510b4c10705ea2e226c6eb8940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6b0dc5d861e9f74b4daf76f2b3e501dc

SHA1
e1747ecae077582b616560078d526c466b7b8b03

SHA256
5a67c0584b8874547e0c463d1d7a862ee3ab2b7f7edb8652aef27d6399729066

SHA512
f6dfa1b00c69a637f87a895eac339687c835379f9393971d6e58214409fe3fe945470668ebd124fb0345e887403d8d0003c28295673b8f5949cc9e26664949df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
01987cdbb60888f9d7c95fbecdaddf97

SHA1
0c23712de68ca66c6356d5a02a232d2acff943e3

SHA256
372315ea249891ade20fcb5068c8a13bd0750a1e53cb197bb14e8ee48ae209a3

SHA512
12db5fa8056d8ad91514cdc2eee4afbf2ac6d146c6cb3174d4933a3aa381f2cf34bf61611661c5fa909e8db558ee75f71bc39e43dad0ff3da7fca5cef6f03511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5ea7f121015901172f0c12252cb7e72a

SHA1
cd0018396800503675b29ef880ff88ac49e1b81f

SHA256
ea112959514ea68d2c37776b717e3374459832ac859ffcc0df22666ae2ddea28

SHA512
8bdca899c51ef469641fc13c9b07ffffa199aea2a0ac7dcbaa62e1a882b5de0a782d6258c3b94237774edf943ae089dc3c9cb1d594d52ba7b4b4de05829d556d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe595bb3.TMP

Filesize
870B

MD5
45ebe7a6417d71f5689d88500cfc0d48

SHA1
d075c73c14181d5e5fb2a4fdf1fdb2880b02b268

SHA256
bc820e391ac718bb1e5654356ff5521432988e769e1978407f738f54c0d0f2c2

SHA512
799b6dacbd8e1d1370da95cc944d5f4c3ada62b6c3328d3a0f0c416d4bf37ad27bac86be763e8059520d594ef49f20541135145c960d9961e7966d0be5bc31c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
55010293078907bf25d24f7d98d0645e

SHA1
8cabbeda2820870ef5f6f17d437c7c8ecdfab5bc

SHA256
f10de2a62ace0d69e767ac6153c9061d985f9fc4d138352f08629a83048719a4

SHA512
d61bc3250ebcc71862d2747fa2d0736e0a2e74d5a40739ca6be36fe27a2053b1b44132ea4ba024e80cf4ab28f5eb5174241a69e48cabda6ccdfd92e70ef8d6be

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 457199.crdownload

Filesize
105KB

MD5
58993efd691b6d56a186ff2c098d9f6b

SHA1
7d5f59faacb290a4b9150f1877c9adc0d0817813

SHA256
0612acfecf2b1226289384e3036f62d18f9aaaf168ac783f0b3e20b076d4d321

SHA512
07ab61580c475e488d980699b4eb12904db76891ddd9ed79280a0e10362652f355256dfd483ddf0680699ce63901579e0da47abeebeb6fdb3699176272c16a31

Download Submit