hxxps://drive[.]google[.]com/file/d/1t_YXPmm6m-InzLggm-VBUHCqyzmlXkCz/view?usp=sharing

Analysis

max time kernel
1149s
max time network
1200s
platform
windows10-2004_x64
resource
win10v2004-20250211-en
resource tags

arch:x64arch:x86image:win10v2004-20250211-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2025 10:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1t_YXPmm6m-InzLggm-VBUHCqyzmlXkCz/view?usp=sharing

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
114	5224	Process not Found

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
6	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3624	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
756	msedge.exe
756	msedge.exe
3612	msedge.exe
3612	msedge.exe
3092	identity_helper.exe
3092	identity_helper.exe
5756	msedge.exe
5756	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	5532	7zG.exe
Token: 35	5532	7zG.exe
Token: SeSecurityPrivilege	5532	7zG.exe
Token: SeSecurityPrivilege	5532	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3612 wrote to memory of 2096	3612	msedge.exe	87
PID 3612 wrote to memory of 2096	3612	msedge.exe	87
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 2932	3612	msedge.exe	88
PID 3612 wrote to memory of 756	3612	msedge.exe	89
PID 3612 wrote to memory of 756	3612	msedge.exe	89
PID 3612 wrote to memory of 2808	3612	msedge.exe	90
PID 3612 wrote to memory of 2808	3612	msedge.exe	90
PID 3612 wrote to memory of 2808	3612	msedge.exe	90
PID 3612 wrote to memory of 2808	3612	msedge.exe	90
PID 3612 wrote to memory of 2808	3612	msedge.exe	90
PID 3612 wrote to memory of 2808	3612	msedge.exe	90
PID 3612 wrote to memory of 2808	3612	msedge.exe	90
PID 3612 wrote to memory of 2808	3612	msedge.exe	90
PID 3612 wrote to memory of 2808	3612	msedge.exe	90
PID 3612 wrote to memory of 2808	3612	msedge.exe	90
PID 3612 wrote to memory of 2808	3612	msedge.exe	90
PID 3612 wrote to memory of 2808	3612	msedge.exe	90
PID 3612 wrote to memory of 2808	3612	msedge.exe	90
PID 3612 wrote to memory of 2808	3612	msedge.exe	90
PID 3612 wrote to memory of 2808	3612	msedge.exe	90
PID 3612 wrote to memory of 2808	3612	msedge.exe	90
PID 3612 wrote to memory of 2808	3612	msedge.exe	90
PID 3612 wrote to memory of 2808	3612	msedge.exe	90
PID 3612 wrote to memory of 2808	3612	msedge.exe	90
PID 3612 wrote to memory of 2808	3612	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1t_YXPmm6m-InzLggm-VBUHCqyzmlXkCz/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9421946f8,0x7ff942194708,0x7ff942194718
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6260 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=904 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2116 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7696 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17688289278490123455,5594337287939470214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1
  2⤵
  PID:2544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4996

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OUVBN0VFMjItMDAxRi00MTY3LUE2MTUtNDYyQzI4RjI1RDI2fSIgdXNlcmlkPSJ7QTMwMEU3RTctODkzNC00NTM4LUIwQTYtRjVGMzU4RjBCMkU0fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7Mjg1NkMzQUYtRkFEOS00MUZGLUE3Q0EtMDZDN0Q0NkZEQjUzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzkyODIxNjkiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4Mzc1MzE4NTEwMTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MTM5NTg2NDA3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:3624

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1536

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Toontrack Overloud EZmix v3.1.1 CE-VR\" -ad -an -ai#7zMap10041:136:7zEvent16958
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
801be0c9974f5b19e11410cdca27cef7

SHA1
31a5e111c6f20b94362d662d101cca5edb64b401

SHA256
9a89f5f26ff7dea0fd13726ed7d8e9dc9535288c75b25eaa6bc254324aa5e36e

SHA512
4bfb4783ca4f9e0affe002b2dbafc3f40e1e051cd5e8a787f6a926e467f307ee253c8a84a43b6882a2b1d11f8e17bdb02c4d74247a1e1716a65ab74df7fc1135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6393f79a5df6261cd25a71a1c7cf2a13

SHA1
881fc5e01962af69cd5cfb630a37f2e7da96e95c

SHA256
551698eed11cef04d0a7bf97ad2c84e78cd45d1e984d104c95b825959d9b9674

SHA512
f9f2b59ed4a20270213d3ce4883ada26edf911df2928fc6f6572812ef70103c61497a8ae4b75c4bcbd6048e90e329b4bf00d07b2d22b5a0c5fb67c9781373852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\45fa7018-ec4c-4de7-82b7-e186b1c1f9f4.tmp

Filesize
3KB

MD5
8bf2dda56ea6f0c84df74147cc439555

SHA1
e5e6736256197320b6065fa289a5d064590cc113

SHA256
93cc113d19e2546279e1262dfd3ff3097362e4068fd039b67fe23beadc715f71

SHA512
8c1740a81b4da75bec9ae797c3d178ecb11fa12207486a70d7ba4dc5a7575b8845c4e5dcdc000e488f0b1e2f5a6506d4e96d8c2c081be8fb41e0bd8d1e3ee5ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
48KB

MD5
df1d27ed34798e62c1b48fb4d5aa4904

SHA1
2e1052b9d649a404cbf8152c47b85c6bc5edc0c9

SHA256
c344508bd16c376f827cf568ef936ad2517174d72bf7154f8b781a621250cc86

SHA512
411311be9bfdf7a890adc15fe89e6f363bc083a186bb9bcb02be13afb60df7ebb545d484c597b5eecdbfb2f86cd246c21678209aa61be3631f983c60e5d5ca94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
70KB

MD5
3b06aa689e8bf1aed00d923a55cfdd49

SHA1
ca186701396ba24d747438e6de95397ed5014361

SHA256
cd1569510154d7fa83732ccf69e41e833421f4e5ec7f70a5353ad07940ec445c

SHA512
0422b94ec68439a172281605264dede7b987804b3acfdeeb86ca7b12249e0bd90e8e625f9549a9635165034b089d59861260bedf7676f9fa68c5b332123035ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
25KB

MD5
e580283a2015072bac6b880355fe117e

SHA1
0c0f3ca89e1a9da80cd5f536130ce5da3ad64bfe

SHA256
be8b1b612f207b673b1b031a7c67f8e2421d57a305bebf11d94f1c6e47d569ee

SHA512
65903ba8657d145cc3bbe37f5688b803ee03dd8ff8da23b587f64acaa793eaea52fcb6e8c0ec5032e0e3a2faacc917406ada179706182ce757d1c02979986dd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
215KB

MD5
2ffbc848f8c11b8001782b35f38f045b

SHA1
c3113ed8cd351fe8cac0ef5886c932c5109697cf

SHA256
1a22ece5cbc8097e6664269cbd2db64329a600f517b646f896f291c0919fbbef

SHA512
e4c037be5075c784fd1f4c64ff6d6cd69737667ec9b1676270e2ed8c0341e14f9d6b92fde332c3d629b53ae38e19b59f05a587c8a86de445e9d65ccfa2bd9c16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

Filesize
20KB

MD5
d683de08b588c2b6f686284c29a3fbc2

SHA1
04f9ce99a90e252a433779d38f89d354434b38ba

SHA256
2039f59dd9651c2b361d1c166d91f2a2a3c9e724b21f4fc64b99206a111f878f

SHA512
5d4ef49285fb74ccab9817d0127a91aaf1aa3e1975551295f5b604b06b7d0cf9d49a20bbef5fc65adb0edf00ff7d7cdb6594a235e1300768986d2dec99cd0ab5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064

Filesize
20KB

MD5
4c54e95f6ad5ca848fb9b2b3efead3e8

SHA1
51467e9beac255c0a69f3c4feb4ed9f9c358f3cc

SHA256
39fac993d24512f7654a8a482095a50f0dad98ee2b0393a8b047bada077ae92b

SHA512
a47e715b448cbfaec2ab1667c14a8b9670c3394db34f2ac37d9258d4e8e7d7a365cbbea8be3dbfd3c31c42f43df9b91014a484da6afba7a601dfd617f16bbc99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\586430d8e194e5ad_0

Filesize
70KB

MD5
b4f4e6fb39163a88e493169071c4efcd

SHA1
4fe6b85b72899a1a88466066fe82c987006e2fc0

SHA256
53de25a8be2ffd982657809778e4f1091984064739dc3be9ca2be7e6a2a669ef

SHA512
62b28acd764eefc40624dbfdae00e0bf156f23acb8d53fca93cc65aaadeb83cd06e25a736c57c6302a6cfc196be3c9d0eaadfcd27202d7ec38a82b9dcfa0f629

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dbd11ddc2b4b5d18_0

Filesize
322B

MD5
244adfeb3f53daacfa75f803e742ff6c

SHA1
512fbfdaf22653526fe67de2ba7430e632b23b50

SHA256
1cd1401ba2065587deae293b8d376393b3a79e94415e87b6c2ce225ce083af05

SHA512
c64d5259ff10d19d25e8fadb5c2c7c8e70c49e73cbb6f7e6100e6e07c62763e27bd87a4ff30d35ff033fd5ab8132faf21d0780d7eef5d8fd360db256fb8cd951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ffda355804de5bc8_0

Filesize
3KB

MD5
05a89ca824ef625f0a4cb2d908bd4e2b

SHA1
01be88c825e0d1649b0b5611cc51b672c2848cba

SHA256
22b0408f4caf7ecaadced60584a63a998174c1895d18364f37c65fee9e972350

SHA512
88c802368808f2e387d30bba7b7ec58fb3423a7884c1a9ad9d00b334026ee14047ac813a79e8f9528e0fd6e2b56a13b5edcb908952fd288061cb28ecc7a7463c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
668c293c0eb7642c2b48ed12d7e208a4

SHA1
d285dd6e89ed2b785b4359d68b2beaf5491466de

SHA256
a0052cb21316c892d27a5fbcda7b39ce0c20ff67747060bf92f26ca077c7592f

SHA512
0e341700c0393b0d15a5efbb9163cd075930a18e2e530cb1216c658995e72ec35c267d0cf603841660ca2d14c7835b3802e6af0210f592943e35bad1e7f95fa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
ab1f9bfca6a291df59c7f0ad43d05c97

SHA1
4438ecf87ca2c7491f17940cb12657e60d2d038a

SHA256
abb3e91fba76bfa58a6f8b74da7e81753eca705d262ae4a3ca55812dc7042378

SHA512
a32e011caae4cdff8fcd488c10cb03d51a434e3f116c5d00feaa4d775af9f2f784c70d3a5dbfba9782a9fb4ea65991389ca39ba7500d41b31bea56d1c347256f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b8763a4f20902f80ea641550af7d3b36

SHA1
23c857fb87151afa93c51263034100b020d13fdf

SHA256
99298051f82e206351aa1a9ed0cc7525ca9c66702aeb287e808acaab30e70c3d

SHA512
9acb002d0fbab709c7e0a7e9c16c5ccb882e5721e8b5d8e6c8a9af29b04c7ad684e60ee2643471ce38627efd145b7589dc3cf800531644ce7413197ddabd90c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
c265bc7b3da28952e6002b8c03fd6acb

SHA1
950b36b9b4bbc847dedfd7d842495f7e79d4892b

SHA256
fbdd8c715d1fcae640ffef9d6ce83ff49794a6e2b104cfa2bf040499811bb21b

SHA512
e35c86ec49cbd116eb5a10fa746c9b623d0dd9cadfc4c77fe5fb28ad3693bf04e56ed13e8d252b24628e014f5db1ed0e382b93956ce3beb040332ed8d3ebb83b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bdd33c9c63f5380b309ee418d084aa72

SHA1
e0b178558872cdb69e81bc631dbdda6bad183ecc

SHA256
a272439cd25cb4b5c413c2326cb18e857bc0e05552d6dad0799f5aa8b9faba86

SHA512
357b5724a0742a4a90572ffd5e7a1a2c3243d1e5a501f7985f0770d97b057834ee07275bfa38ab1f1fb6255dd69207317bf127d8b142876b11a798bc293a8292

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
fea3f5bbab447d53678a1347256aa156

SHA1
1ca55797059b2e5232eafe8e464a9a2f6396ed55

SHA256
345a16c69c89ae3e61d8a0982c1f501958bc5c227fe0465b7e6a99240536da2b

SHA512
177cc90b076bc409213bd0119136dfbf0f86323f6a8b23486806b2137351b9b7bd71dfcb0c1fae7b549bc9c26c8c3fddddfc9749decff9a2b59cfc0aa67a7bec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ba27d6e47330bf9369e36b2f7aa8a117

SHA1
0ba47d2d7d70858227084f2ad8a3a6e7fb34caca

SHA256
8930757a7bb92c3215c9b861ce4cd5bb311aa4f9dd83215eb3035afc4b6da0d4

SHA512
37bcba26d291b5f34110f9559714a929270d86200cb8fc10eeca737b3f3c371a5920f3463fbac25c9c217e79aac88bad48b9b9ed471b6fca1bc063b075d1c45c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
d74de1941eefb0d56b0945a8ac944f2c

SHA1
c7e3e41b37820a78fff9426a1370b39abbc75478

SHA256
d4c1b2f4977a59a3bba50bc9d025c53eafd05cf6e15807c1f4763dae8727c1c7

SHA512
bc96bd5400ff17102bee41dbf7f67b832c269c49f700c2bf05b096e7c17ffe83aefe820b28439a399d78c4799090d4b83fdaf469e55af84d2eb0d6e7abb3342a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
a9671c938e932a40f24790d08aa1e615

SHA1
ae9f659df8bc1666104f0070c8e7a965e174a4c5

SHA256
6ca4049860d83e0fa4ccb9925b2ad0329f05ac511adcfda10ec4efb330ae2a0c

SHA512
530f5d9dad4f41d0615ba00093c431360faa429eadc62ddcd0a71dcef73cb743c22ffea0090e30ff594add69459aa37393d925a4ad88a3d893e047329527d55a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3d9692cb403d2b9a9b52ffaf0035087e

SHA1
fa85af6f833cab38afc718139c6311213869c691

SHA256
7359d3a81fd5ebfb4c25dd6300b28e1a0eb5b4bc5901f75cc2038fdd009aef98

SHA512
f24f3e263cf6ed2165433b0759e0b3aad4753d0e5ac1f19e3d42ef3caf5850029ec28d96d37700072e79e495bd237b80d65db7c5c7d80c6c59c1d48fd125ac0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b095275086af0ec85e5bd7a38177c481

SHA1
7e5b3aa004a2deaee90f8590057cc31da68b933c

SHA256
b2376bd006e6d5dfe95def6071022f2db6c857ef25c1c4f44f2932d3e3135967

SHA512
70d8333e6ecc9b018b5e92faa4c7c1ccba402cfc4b5fe0ec74c3f32d797e1b62f82fe02a70d81536e1bbc02d4968437f3a84852e5de732688fc3df510303848c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
d7ef9ae9030a668d9b19fd4d5fbb10b9

SHA1
e0fdec1a3303b5c3443d14a5b896b1f8be03f125

SHA256
65653fffd57d3bcce310792694037f17a7aafd4400f21c2b93561787a954d52c

SHA512
cb8bbc2950c01f7733d9941e01470b5531d68756005a5eb174fee32165ee2cbd13e02939d697c4d302ef61e18586e3de1e0c1ee42a33afdd250fcd9566f57519

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5fd28a1a1545593ec1b4d5c043ac00d2

SHA1
a7bf1f3f69058042bc247b7a6052d9a1b9030d4a

SHA256
0ff6b408886a92cb0cf5b4b54ef4f67cc2b2f03e9f497e56dd177b92543080a3

SHA512
39bacf9f526cd31a5e2ff7da73a925f31cdcb0cd97228fbc4878f65e6a858996e04aed93ee8b88a7d0ddaa1ffc045c396b68a8c54bb7dac110854e2f26eccce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9a21b9c3dd492ecf76eb4d970395b5c1

SHA1
76e4123d03710bb3c4d5fe5cb0bbf0398059c36c

SHA256
d82d99c770be4513ec4ec29f1afa85e1e9682c7c7bf23dc752a792a3c877886e

SHA512
28565c6ba3fa608665561574181a150d9e146ddd6f42da4c2ca0d41633be06aaa0c974c34a646fbfd49fa8a2487306769b7fa4a9ec2c1570e040e9572435c9f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f80620478282fc6c5e55fb5fc3a962f

SHA1
b65818fdc96ec9ba0bbfff80a7a24eed580f8058

SHA256
1b768b4c9004d11f12544744a117cede439b81f2687a0726d8aee80507ec5723

SHA512
401dc1da8e61a8cec62bf2c32ade27fe7482145abf4ccf002bc3665654e4add64bc2e9e7a36794f4c82950ae4aee6389ae3e79a9f2600e928e7d570a0ff697d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
86684ebb90a945846052c1163eaf3f41

SHA1
b662ce695b645e4f334e71bed6c41768bca095c1

SHA256
d20604cdf40326842d0cd6dd96f17a64a539b66027e2b9561a0fd865324b55e3

SHA512
ab0de1c4e16b5d9d06effc0440d940b836b7b3ebc7feaa7a12fa3c6ea520659b00b523f9f03e9d4af2d9459f1f9ea4f11cd2dc1ba282af6bdc1d4fa7ab627f6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a3330fbfb8682553de23b8ab091eef88

SHA1
6d379a3f5506c556281282c69fac04930a8369ef

SHA256
bdee40fa84f549c7d47669cb14d870c49e6f285b5fbba237b1ad687a95e40b1d

SHA512
01a467b2fcb05dc293ae331cba800cf7557e0b3fe86cd1487e05cc69bcf4c26a9ab0bca8bdf98a3bbc46474ed43d0ad6abdbc577d970e2d75f8f81222180638a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
168B

MD5
5f5eacc352bcd5765328df2590ca2b5c

SHA1
03f72dd0b98f1fe460f35fd35e53fbed2f8abd48

SHA256
d9d87ac29524b171faf894bed84c86540db4ae4e5bd8d93c12e4937682f467b5

SHA512
9793f272e425b78702c3dc06e35bd5cfbcab9d7322795743cd73ca0370582bc07e97b780d7b84a55759c8712eadae949b58f04cc855aa1f11a2f95b2acd1162f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
592038c7f04e814b23f14907de31c1fb

SHA1
3ba124ebb273d749b5067ce95bab6be055065719

SHA256
26641c40ff0b4cfbf0ebe57e5189130c6e0058c763d288599fcd5f6647487d42

SHA512
18d92770adfded4b6fff7b93cf1b14f3779dd76d9a629b4d1448b4932c4d791cc2637a0e53cacfb206acbc0ec347e23f15c06c9c2a970e6c10388fee80de3702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b74fe.TMP

Filesize
48B

MD5
451a037aa3571f6fb826969bb8685f5b

SHA1
cdccffbf51dbec579a8d186c24ef206180f8091d

SHA256
784c7902339ae5f720adb3d9cc8b3da730ebe43aa2bd0752101a3bfd29635636

SHA512
5f6cdc76e33f406f29e5f103d6561c5c9793cad4c0d5fd688f9c6722cb0aabe1adf2f5727e0b2dbf9f358b5145f18397ba5691d8adc6d6279c6cca04c24446c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ce396ba5974596643b0df51bf38e595a

SHA1
f06fc932f5298af5d7b2dc81aa96f1e5aefd3d35

SHA256
ba58ece580a598e3366bbb0df9387bbde87989c1bff7b716eb1accfec0987331

SHA512
a2b498ea12aaf2274177ec9a97027e4f30b078052fa696cd85fc68e15204d56f9e0c70f6406c21ff82e51e9df057c89adb65372692670175221f0f80ce2ecfe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
abba1d6b3915f7a9a9fce51ff6d1f434

SHA1
6bd16ab84d7811ec5781094384a8d467a3bf6bd9

SHA256
95dcd659a0d22399d38fdd0d878654f6de918f8b8387cbcc426054931bc5d77a

SHA512
442b2792c47e7110b39a2d7a29359b8e092572ff6dd925a65440a223fe9903be865abb9517c80d274220634281c85214db09b25ec6621a92c8fc90f5c792f342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e4bdd7ebf52a22dc09cd7958f1efcca8

SHA1
da328760bf792ed98b9fb5902114ca320ccc01b4

SHA256
5ed3ec1090817eab58729c0f819fae2010b3ccdfb2f412e5a93973f82dd58b04

SHA512
176de3fe2437ddc5643bf0aaf38ef0a56b31e02c92e00a520fa3307af83f8106bca0b38b5d52d269ab20addf0c7700340f548a41307dd1c21f749b875b366fee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
88e7bf7a34cc7d799e4377ddc8fa475a

SHA1
4ac1aab96a6a52ba14d6d736b4c756769dbb166e

SHA256
e325ce705176d373a4d2191e5c5ed4a08691a79e494988de8a70239d925fe6d7

SHA512
d2884aa314083d2974627669f5496f8344d12fe428b45f0b074a437042f42b12c592364e0a97d74bedb2e11db107d6117513d9394378b24a01785392ff6c7f2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c51e63239da7e0619bb311d99a811a33

SHA1
9551dc05b874b03872329c0b4c5a14da4146c528

SHA256
9ce4754448269efc95f2c0ecf923db6b3b08e51378ace4e81df7aac87e94abe6

SHA512
bdda0246aabe092253ef39f32827fbd331192b944bfaa3f95a24a6daa0e817162a149b40a4e410cc4832a653717c7a629c1c5e89d1a19f89efe7d84e09cd23ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
88d0c16279eea531dcb060602bc2f6eb

SHA1
b9f2614ced57691e7d9d7e91cfa885498edf6a3f

SHA256
bdbf9562b5f258daf1c0add434ac4e2229a2d863a26b981787742b6116debe45

SHA512
54c9cc1146876186612576967719f5123035f85362d757ab1be86e0bf13f5c26655a52b6040f033e0f6e7bf13eeb9fba4de8013e223f5c91c4258447201ec794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
60219e4a46ea1270c4698314a7bfc968

SHA1
b6b20f0e5d0733e96d6cddb5a79bb308760a418c

SHA256
504d2cb1521c7ca2e70772d3cfe9e60db85c5e840f4f15b0d3cf57a80a3263ce

SHA512
6194fefff307136d88955cd32709cbb43de8ea6dca150193449b83b9d94df6002928d923d427b85375b7bd8571c224d407528f942b32435c4b04b7671625d26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5afabd.TMP

Filesize
1KB

MD5
8c33b8ae472d84a3598a5832370e8250

SHA1
502d4705fe3a3e061f38b531b726a464c2e8b4c0

SHA256
3ff5ced794ff7f7a5ee2ba70e442277d65fe9cb618503b322f84672c97383864

SHA512
8813362863115ec5e4c0fefe6aafacc0d86096d3e45bf3aacccb6543cad4e85ef31e6a739565d9d289d77b7f2b0d12b42f4d1800215da337274ce7d8b681c514

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
90ed2aea8953e6ebe18d742864be4dd8

SHA1
f08a31f9a02b169cb1179e5ce2de5b8c475028c3

SHA256
d42cd0cf2a74a2afdaae13e3b1f4ba64f23c0629bc5b6ccbba8fdcc6bfafec31

SHA512
73acfa614c759cbf570f5167f040f106208dc016d12c6b066b60627acebcd27fd0388f2057f91ee13a6a0244c5253c0ca55129612ed40b7f834896ef0f1a43d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
bcbdd0cf531cc6798f88090aec249946

SHA1
b418132146ed6c16498fde23f940a0119d6128d7

SHA256
4e5667bdc8ea0a09d3131f5dfc7c8e5f1672571a7e313857c72bf92969ee7693

SHA512
81d2bd863b09d869077aa0df73a4935dcd33753e4e202d3990e97eb686427d216fec9b721b7891564a8eb3cc1a9097016ae8f60abb468fccfea7f86802bc6ad4

Download Submit