hxxps://www[.]mediafire[.]com/file/9loe4v9lx5zi0qp/

Resubmissions

02/03/2025, 03:29

250302-d11fyas1dt 3

01/03/2025, 20:30

250301-zaex7s1we1 10

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
02/03/2025, 03:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/9loe4v9lx5zi0qp/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "5"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Downloads"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1032	msedge.exe
1032	msedge.exe
2304	msedge.exe
2304	msedge.exe
2824	identity_helper.exe
2824	identity_helper.exe
4916	msedge.exe
4916	msedge.exe
5880	msedge.exe
5880	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5880	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5880	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 3776	2304	msedge.exe	85
PID 2304 wrote to memory of 3776	2304	msedge.exe	85
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 3288	2304	msedge.exe	86
PID 2304 wrote to memory of 1032	2304	msedge.exe	87
PID 2304 wrote to memory of 1032	2304	msedge.exe	87
PID 2304 wrote to memory of 1680	2304	msedge.exe	88
PID 2304 wrote to memory of 1680	2304	msedge.exe	88
PID 2304 wrote to memory of 1680	2304	msedge.exe	88
PID 2304 wrote to memory of 1680	2304	msedge.exe	88
PID 2304 wrote to memory of 1680	2304	msedge.exe	88
PID 2304 wrote to memory of 1680	2304	msedge.exe	88
PID 2304 wrote to memory of 1680	2304	msedge.exe	88
PID 2304 wrote to memory of 1680	2304	msedge.exe	88
PID 2304 wrote to memory of 1680	2304	msedge.exe	88
PID 2304 wrote to memory of 1680	2304	msedge.exe	88
PID 2304 wrote to memory of 1680	2304	msedge.exe	88
PID 2304 wrote to memory of 1680	2304	msedge.exe	88
PID 2304 wrote to memory of 1680	2304	msedge.exe	88
PID 2304 wrote to memory of 1680	2304	msedge.exe	88
PID 2304 wrote to memory of 1680	2304	msedge.exe	88
PID 2304 wrote to memory of 1680	2304	msedge.exe	88
PID 2304 wrote to memory of 1680	2304	msedge.exe	88
PID 2304 wrote to memory of 1680	2304	msedge.exe	88
PID 2304 wrote to memory of 1680	2304	msedge.exe	88
PID 2304 wrote to memory of 1680	2304	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.mediafire.com/file/9loe4v9lx5zi0qp/
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec95d46f8,0x7ffec95d4708,0x7ffec95d4718
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,9144232810777501646,4082175733192535468,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,9144232810777501646,4082175733192535468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,9144232810777501646,4082175733192535468,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9144232810777501646,4082175733192535468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9144232810777501646,4082175733192535468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,9144232810777501646,4082175733192535468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,9144232810777501646,4082175733192535468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9144232810777501646,4082175733192535468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9144232810777501646,4082175733192535468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9144232810777501646,4082175733192535468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9144232810777501646,4082175733192535468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,9144232810777501646,4082175733192535468,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9144232810777501646,4082175733192535468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,9144232810777501646,4082175733192535468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9144232810777501646,4082175733192535468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9144232810777501646,4082175733192535468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9144232810777501646,4082175733192535468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9144232810777501646,4082175733192535468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1792 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9144232810777501646,4082175733192535468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2132,9144232810777501646,4082175733192535468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9144232810777501646,4082175733192535468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9144232810777501646,4082175733192535468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9144232810777501646,4082175733192535468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9144232810777501646,4082175733192535468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9144232810777501646,4082175733192535468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9144232810777501646,4082175733192535468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,9144232810777501646,4082175733192535468,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1628

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\767a0f9e-2d39-4bb5-8431-ff92be8a560a.tmp

Filesize
10KB

MD5
4a9111e9ab19cf8779507b2b378cb1d5

SHA1
cc4ffc4db18f6fc6bb39e905b8a0f0ff3e0e6588

SHA256
81dd72ff9628ccd00b19ac2175072a8826e222692acaba3aa49a518d418894b6

SHA512
743848031347669a09d35944dfc87c76c5d7965256183c9b4ee59bbb42fcc7a0d62f718d9b74a449d41117c06374903b093ea1576bfc8e0b546cea175a1ca622

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cf0d12cad4c4cc7c2fe1daa59995cfd4

SHA1
f51a86acb90e7d9065270ed0e04b38d5bc54042f

SHA256
b0fdea5fbcfa795d8165445dc5bae9837ba12c93e6a27bae8888d1585944a745

SHA512
fe2c0a62cf312a651a0977b132e9ed43f9777a69a0393e7ac85b428f5f4deddb210b562247222968cc217d9fd0e21b571d00165ee0e63597d8663a7f5e5ddae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b70adb9c619dff10d2dcb7f926b9ec3b

SHA1
ad6ab490a1527d6a056055ab5a50395c2496d4fc

SHA256
ac0ff4d0e002d553021c6b0fc324efa915ce2d5ef2d1691de247e9929fa29b00

SHA512
b53b6e5c13344d7e219bd27cdb9c89a6d27cbe3ac462dc8c25691cb2c92f4c42a3fe0be806c7f4f4c48d3183229948ac453cb4310f521806e38f623fdaa31165

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
362e4c2ad23abc22b973c72e6821713c

SHA1
b267fdb888c423d2e961c13f127d72139ec589d4

SHA256
cb6945e32d80d0e494a341ffdec218c81824a842a840bb6758ea2b849a888198

SHA512
5dc7f4853307bc93a2a6686804651180713d1170788917479370dea266368767df77f5faf8279ca15376e31e838e2d16a248cc68b0a2648f0a838cd5978fb598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8c5b6267134d6d13d94eaa2e91126b54

SHA1
527ebd525ba9287a5701d84d6cb34ceaaa29a643

SHA256
5bbd18fcd1cb7bc01b13fc89ae29b17fe6e1c943fff4b1dd84851b2e6ed7c6b7

SHA512
ed04274dad56d98478a1fff1e8c19f513057687199f9b5f379bc56ec9094f33791a8209145d164b7090d570e8008763265d54966ac01e45139a19550c305db75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bf56bd1d012dd4d7afff49e3100d72ba

SHA1
574fec9a9a6ed2a0bdc3e6fdab020b59d759031d

SHA256
fad8e3e54c2289f401a19950a816849847a3590f69fd2beb43b974178a49f442

SHA512
1d4b704ad0b872e08104daf2705e876ac75f613360c4f1fe873cc58e5474d8ddb91598863bdce48393bbe612230ff06dff4870935e76b10b440ebbf077cb9ce6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
822481b0e8ed4813281da4269c6ac289

SHA1
8c5bf2d739dbaecb9bb7e30588e07c71ab46ac3a

SHA256
80f1dfb05a02d32aeccd033c2d8ea72038130e86d730b03e61216858d621cf96

SHA512
ad731beb86c40116afb1b75046de03ff564b849871ed117588c34896611bc74bcbd8b0d1367ee7779012af712a9522221ea33280cbca6c25c6a88af8d652a3b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
899b5894ce755116989ab423116df4ec

SHA1
78c9912711b15115c9c564b0765c2a80d2d0980b

SHA256
f4f246c163d6797ef24854b34a48ea0cd8d2fafedc82aaa52c070fbc3ef2e22f

SHA512
9dc6230d8b4695b047c3cf562f6d97ae4341b98e633d5ab1c39cafba12a4bc8b896414aa6d51ef371f5512a4d4eea1c08e83f05d4db51c6e14c6e411bc25efc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
994b6ea4a4937d5155ed8980e8044aa0

SHA1
ca6c5f50538f536e22eca8b8103361b9d3aa8479

SHA256
2d0efecd672613d01944e4ef82ba640d5b1895e36622dbb15d98fe29dcc995cf

SHA512
588b0a4749d2e25b2c0a008c841f8f4977d084841642a210770c6b62d06f828e9e16e6afc2c5757f9df8725d8223601d0017da1e46df568eae421d47167d37a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
228df08697d223484281daf38f608d96

SHA1
25b5d0158c60471bd28aac41d745f11f1f925aa9

SHA256
5eba42ebf3595a570f3fe1e787a4f9d34e8f0dd327383a21996ae58b7d133843

SHA512
b0ed82efd3a3589a273b84d3c6523004963779f69f59f5c5e96d423d982a514aabbe64c6350f4347d9f63a6be34a9fb6834f8c9bf597c73252014bd439760fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
49fb482090203113d1ad66d8217188fc

SHA1
ea2fac4ad7caccab7a74aeebca83f07e3e29516c

SHA256
2ad3a968caec34799a836fc2e3d4648d0b9afe80843d0ac2b331fba9020af826

SHA512
a9cccc99cd255fd632e02eed78db26a63e4430894dd3ad01c695792e1aaa0ccca795acb70e55aaa5486fee0eba3f9103f34a0a01b16b6ec807ea9d61d437385d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ea641e0aa0ec18dc291ee34926642c1f

SHA1
3c18ef5b29928253b087845df44df0be6c456a68

SHA256
1b1d4de02371a3bf6a806f2ea227d3e12445c3f5f4823b9bbe7b98e1ebd1dfd4

SHA512
e7f42f3929f878516b9deee59f2c1bb3fd0853d6c3176fb6ed7e7ae1178b24de0e04ab60dd11ae2bc68689d180925fe552a58ff832b5bd98192f3d09797cf8ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b6dd88c11e1d0754d3261520ca872e41

SHA1
6360da54f097ef63c2b07950303def4d49e1678c

SHA256
95a3e80043b05e3a034d6bc0a1f3ce8100338536c24a68fa7d2ae89ada6429c9

SHA512
c704da1be1dbafb8167e291e150a4415f394efed70f8ebf2ec7298f45797ae06f3292f4e2119d51db1593f0be3779cff91e0404fd1008cf50fe160cb50838894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
151556576b1c69ad114ade8bf35c5604

SHA1
1ee9edbb919dfd342881ded0110aab12a5428396

SHA256
1fa2bfb6e6d37a4cf45716364c29be9e079f46165afcad9f261efd59399770ca

SHA512
c21c5692c84b83d1c1cbadb96e103cf0540eaa1a5521d6b86ce2a47d17140826b83c4aff19bdb0d13f1cde1d85cad3afb346f242b955b36c2b389b9de2ad1796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5870e5.TMP

Filesize
873B

MD5
9511a0ddec5f7bcb5b0d717e08c70707

SHA1
f6c21874a2a2dc76dfb22da82e2f262326b2c08d

SHA256
ad84fcabf2fff51ac7d56b79eed46ec1b6c3ea401cadf1da99cd3e1624653ac8

SHA512
c97e9b895c6c2cbbb37fe7e3932d253dcb71d1898e017ceac018d81f7a272066e3d4d62c7967bc4c3e53462355e5f14030eab6148ccf502b88ec8e8156ef78c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5f45e9093943f68ffe6f9bc3a233ef1b

SHA1
d9ad694ebfd34e0cd85dd96dc8fc2428faa46f52

SHA256
3a8ae7d99b43fda29e247bb07991d71ca19339b98c9c329af9dc000b1248d3e3

SHA512
6673c13ec3fdb0edc9e58f989fd9bb1eb81b3ce8d892ee5dc496bc4ff0af44cbe6c9837d928dad2cdebae5a26e3962aa01dcf161e4c96e107f47295153fa256b

Download Submit
C:\Users\Admin\Downloads\Discord-image-logger.zip

Filesize
23KB

MD5
0a300eead5c92c4499a2c3ae15c01b8e

SHA1
5f5343e4a65fd391a02238ddaa84ee0348dc8aab

SHA256
138b3330c28bc569bffeeb110199f5d74a36acd88d4083cf1d800e8ba44ce544

SHA512
c2b23043acb8bc34e01ae7cc6d488f65f69cdf37257e9c41ddaeab71951b98cc20cfdf0dc644c50d33375c15cbe73fd1bb77c44cac3e0d4fde310efaa34184f5

Download Submit