hxxps://github[.]com/Da2dalus/The-MALWARE-Repo/tree/master/Spyware

Resubmissions

04/03/2025, 16:56

250304-vfpx5swlt5 10

04/03/2025, 16:52

250304-vdttbavybx 6

20/02/2025, 18:25

250220-w2s3cs1rcv 10

Analysis

max time kernel
147s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
04/03/2025, 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Spyware

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
122	raw.githubusercontent.com
178	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Redline-crack-by-rzt.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
2872	msedge.exe
2872	msedge.exe
2996	msedge.exe
2996	msedge.exe
4244	identity_helper.exe
4244	identity_helper.exe
2796	msedge.exe
2796	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs

pid	Process
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 4976	2872	msedge.exe	81
PID 2872 wrote to memory of 4976	2872	msedge.exe	81
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 336	2872	msedge.exe	82
PID 2872 wrote to memory of 3516	2872	msedge.exe	83
PID 2872 wrote to memory of 3516	2872	msedge.exe	83
PID 2872 wrote to memory of 248	2872	msedge.exe	84
PID 2872 wrote to memory of 248	2872	msedge.exe	84
PID 2872 wrote to memory of 248	2872	msedge.exe	84
PID 2872 wrote to memory of 248	2872	msedge.exe	84
PID 2872 wrote to memory of 248	2872	msedge.exe	84
PID 2872 wrote to memory of 248	2872	msedge.exe	84
PID 2872 wrote to memory of 248	2872	msedge.exe	84
PID 2872 wrote to memory of 248	2872	msedge.exe	84
PID 2872 wrote to memory of 248	2872	msedge.exe	84
PID 2872 wrote to memory of 248	2872	msedge.exe	84
PID 2872 wrote to memory of 248	2872	msedge.exe	84
PID 2872 wrote to memory of 248	2872	msedge.exe	84
PID 2872 wrote to memory of 248	2872	msedge.exe	84
PID 2872 wrote to memory of 248	2872	msedge.exe	84
PID 2872 wrote to memory of 248	2872	msedge.exe	84
PID 2872 wrote to memory of 248	2872	msedge.exe	84
PID 2872 wrote to memory of 248	2872	msedge.exe	84
PID 2872 wrote to memory of 248	2872	msedge.exe	84
PID 2872 wrote to memory of 248	2872	msedge.exe	84
PID 2872 wrote to memory of 248	2872	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Spyware
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc1cb93cb8,0x7ffc1cb93cc8,0x7ffc1cb93cd8
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1852 /prefetch:2
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2624 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2588 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1672 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2588 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7248 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7320 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,381377571134916448,13070386623608259972,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4884 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2192

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4815ecce34e90c0f6ca91c7e35be703f

SHA1
61ec0042ccee59f6bdf6b96eb9f412cc97717702

SHA256
5db366717739338c23e07ca15aea2b48924a3b3ecacb214221239333b11ae7d6

SHA512
751dfd6eea90fc4efb557611e8afc6ef1634c4e2bdd97f3c72638def09f644ebd8bf5696b9ed8379973106524d08c67188f7f64c0f941e8f95109920120dae05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53c68f0f93ab9a94804c00720a0bcd9a

SHA1
9009307d51e1fd60f9a90d77007e377c7f893434

SHA256
a38f0777d4ca9e777191cc924c22eb1847ae805ab79ff224860e8c70d7f49422

SHA512
a1d5b92fced821328a668fbfe9ad694b99c873ffa3ed28aa5bf1e8ef8054486289b5ddb26236cfa7c1ca0db993f306cdfc5878480b6a543aca1620075f77d670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
136KB

MD5
564ea49892868ad04708d863ac19cb14

SHA1
4e347b8043237b7ce2711d68c48c80cdfdeefdad

SHA256
6c61f3228c4983603a4ca2a53ecbbd214fa7ee930dd87164ca29baa3cc9d6c9d

SHA512
ade9ce9992d2473dda3d35a77c8a71675194fc8ea9dd184bfcfce8f97bd91522afe56b05c3dee6b89338dd754c933ba73546c55f666b2958f38df09b844df838

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
48KB

MD5
df1d27ed34798e62c1b48fb4d5aa4904

SHA1
2e1052b9d649a404cbf8152c47b85c6bc5edc0c9

SHA256
c344508bd16c376f827cf568ef936ad2517174d72bf7154f8b781a621250cc86

SHA512
411311be9bfdf7a890adc15fe89e6f363bc083a186bb9bcb02be13afb60df7ebb545d484c597b5eecdbfb2f86cd246c21678209aa61be3631f983c60e5d5ca94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
67KB

MD5
cc63ec5f8962041727f3a20d6a278329

SHA1
6cbeee84f8f648f6c2484e8934b189ba76eaeb81

SHA256
89a4d1b2e007ac49fc9677d797266268cd031f99aa0766ca2450bff84ac227d1

SHA512
107cf3499a6cf9cdcbfa3ef4c6b4f2cda2472be116f8efa51ff403c624e8001d254be52de7834b2a6ab9f4bcc1a3b19adc0bba8c496e505abbca371ef6c8f877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
26KB

MD5
e355eeae241a7810b41135ebfa4c8fb0

SHA1
42c33a01c7d4927cdea1ace1fd3784a5fccdf56b

SHA256
31ff0740ab9252be56eb754108ff51b3544f72c5bdda4e2c838816cbeb928ceb

SHA512
e93bdc57c6c6ff8fba683140f5b0ebb5093247506c04a3320e5144dc9d4641bfae773dad7cb81d1add2fc54e9572ae61bdd6af1e12ccd59d330b2ddbe2637a87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
afa240b93bd4617a6753b3d259102738

SHA1
4b96a108ca7b2cbb1078e21ba79bb946e4214f5e

SHA256
448a6363c4cbb048441285f82367a498c2f82ecceca7b237135b448e351429bd

SHA512
2cb58228ea62d8e670a642702f7747dc61948466d4b8933f2993a011fe530c44562e81c36eaa51d288093702fb627a430d38b39ab7f260360c92e73d377a948c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
614b81d37af8b6003e44216aef0be75c

SHA1
eb4d761be70e0b3d53b5a31d8a4b66372ebd0e50

SHA256
a448500b957616c055e5c6166b69b38c2720b21e0663673874ba729c17af6698

SHA512
df6e50757982cf96a5594e3f3c3c43afb159ca074ede1a4076dd2b1f4eb35619935eb87febc7e8f07c3d2d66f1d5528476126df3b979a608afc86a78032c8626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
339a657a26040dd1a1a0b7cb8e146294

SHA1
a304734ac271baf5eb8dfdbfa650f172056af69c

SHA256
3c1122b9a5d4d41cdd3991bac770aa6f7f4f7c7f84fde9a3decf0e1d8d022d9b

SHA512
49d21485a32fff9b8ed5dd905e2ae6e6b0c32cbad653c4d75d45fad6dc514ed22571d6ecc9320008d1fee9f646cebb212c490d1e4d9327d5cb255fb8a0e59d2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
45d98830dd058910c26915677f3d0d31

SHA1
63d6ccd8444cd6fa08af70111b2b272c2b142cef

SHA256
c32e2345e204d2f21cb01e612cb16bc9db9ebd336754cb84300dac5371763e1a

SHA512
df1713657f91207318d8aaf3d9609832022a8b4bdb74dc8e4b77c97e8c01271ecfe752e743403f99e3f669b7d732aa36e23915353d78b5b18da3f9011727061e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
2de639c51011728a678b66a763f20f24

SHA1
a3e27bdef6cc748b2c61f84b24887fe5ee74ff5f

SHA256
4736a72a73d8c74a06a8c17537d59789e5f29d396ff2accbf5c67b64a903885b

SHA512
95278a4a019ead536b014ca6b766e6ffa417c858cc6e264c2d038592d5ee249bbd21e4cb1a5900c8d1126052c24644dbbf9b86d86b3db451026d18bbcd369607

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
de8e6c951f95371dd41ed514d1e375db

SHA1
16149eb7be346b6a0eb2290fa26d7739ee06863b

SHA256
c3e9b3b8dc19d902926f088b94f70ace8d8be3428f92ebb36dc59ca622c62461

SHA512
e17d9b50b5ff4e798b29c7760188b8ad80cecd4ac2ab90bcd520a33944578e5a2d9bb96f771125563468cdba2fb536dd96d34222315a0305790ab9e0aa1ca53e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f48dc08ad109bacf6175f31ede3a797a

SHA1
8fba4cd53800c17b776a507bf27129d8845ea8bf

SHA256
0643581e3970acd7fcbc607bc067e0a3b396db1ee093b03fbb552ea190e7bcfe

SHA512
4ab99ce0d5b52459abde441b2f12357e20d72cffb061ccdf5faba8801a96c8eac49eb3e5693b777e0405ddfa5e04849bcd927855702b3679e82b1656031a5422

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9f8f4d52bf27b8501cc44751bc7f5569

SHA1
8b4369f64e772189498fa46c3c276db17b8956e4

SHA256
25eda030ef454deeae79b3e26b6f62d12dc249b008c72f82eef9856138ef2161

SHA512
13e54d29b423ddd021754ab6670b42b5e46cdd2fe1b7efa937bfa96290c02e4b7fef86cd3341737140bec5f051165be4a3e83edd6ae75e54608073374ef7197b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b52d261de622d7c78724985ef507222e

SHA1
e66ecc0c2186529436296bfa3cc8f7a528683456

SHA256
e9c96fef3614cc76dcd9c05318c113d11323f85e9b8248ad1d4a894944db9a8c

SHA512
9ef64b1f4f069e291d3cca73ad8416d807622255b39e89547413124ecc3ac3066f9605b7dfd39a51c63c3f5b29da78f65d319619694cc9f3e9844f4c6d47d816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a893484445627ef8dcadec2ab7a302fa

SHA1
b79f67a7e0a409af75fcf82356aa6b6965900879

SHA256
a5fffc18047bb27311acdfe4537babaf1ecafe89eb7bf666ee35354e718a0ea3

SHA512
76ea5f9e4f56d4fd54b4c17450c78c9693b43d21c3c2e20c92c422707eb71b64fbaa5d4a01becf42ae06a7035cdc72e2f7a45819a3828d07213ef19500e75ff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
47eacd454128a9948ec64063dee5cc57

SHA1
c7c6eb38f89078a9c3020343f457aeb490eca4dc

SHA256
1ddc26bfbeca24ebc44aa73242590b5433efaacc9bbab4dcaab42166b6707003

SHA512
ab5b5d5bd5ef62dda23c585763c9f2cf7961cf6dd7dee9023b2af55fcf588311d782a94b480a57a7d295acc7949faca28dbb078cbece2831a566c8a72c4165f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
010a729ab13811163a881c05fe7fae26

SHA1
0efe21655fee3b739115e5719784d172ece0cf24

SHA256
6bcba4f78c4bb2c2082640fe6325e940d0dcc88fdad81cc97e2f44ae35cd4401

SHA512
c07641b9a5cdd5945bc235e81896cfdcc4d7dfa633351493b302a038432c9bc2dd8bc37a9e38ddf5bfe69bcd3d8c4a75289ad8bb8e9d0c9bc124e52973e0e0d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
55893fabcbf4f465449b68f543de1c80

SHA1
9f81408844b3a9324e578eefe7ef3fba10c500cc

SHA256
2766f3d6fb0f914a8fd40a128ae98c593cad4392d23e0d1bb0d6c18bb95e8b36

SHA512
897a3569aa2bfb9d07074de7b4750b7fee2bef4a6172aa01a96f92a86d98370e14dfa427673778d099be357a47baf104f4a9783568bf7cec2ef3a9551e6fccaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58fb34.TMP

Filesize
48B

MD5
6c666444a04299a31b77321d174b2b0e

SHA1
fdb5eecedb3f0b6371934415c7836789eab621f1

SHA256
70dfcac080d86e05c5b998a03eecdcf4ee425b0c697caf20dbcacb9b18a93975

SHA512
f560612704375fd4710ddadbde8d35b99059724118fda77a6fb4b508304e239ada3382c0dc3336087f5498995a0c2470fcbcaa65015d09018e406b0ba0c2c460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
752191caa28467acd68645883d597c15

SHA1
1a91c352fc6f2d5dc696c9aaad2b4810e6b76363

SHA256
7ad26c4bd92e1057b1c543b265ff47e88a6ccbe08b75ff902536e74642aade2d

SHA512
33943729c0dc2befeccd3decb14e29c682508bd89568b05eac79864bd8c31e1338185f7a3ad00e691a2c7713fe3ba51a64a0ac5628399d1fd3ccd78f29131f51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7131d51d71d519d83d6dae0491d0624f

SHA1
d083e67e17e2c7ec770416dc071873effef1c1b4

SHA256
be55ead34fbbb1c686651f0f5dca987e556fa4c877adcd28f443e3b2380291e1

SHA512
ae7bd578e9877a7700ab3ab3913094739bb17cf6c0ece5c4b31df285186caff0a018306ff0d39cd58469a20f18ca187dd3e727f2fdd4b74b887983d4e8150074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
cdbbaaebd9a86735588bb25e17e46283

SHA1
70c48ea4ac2d61435e51ac5c447932cfbc8c6767

SHA256
a19a27ef75fa2ce60cd36071d42390a5b952b49a727f49479eb92cf3bed50531

SHA512
abad8159c90e0845135f9a24973e8f9518a4281f76b1fde09c30339be2ff105ccd33e190f47de51a6070f02f27202a9179429c69e4b466999a04970d432bb130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
fc32665ad18a0e363b4ceebc948d410b

SHA1
af9323bb7e8316e63e32e0d089698e35318c4fff

SHA256
4f2280d4ef4f94f36fbff9bf5a903584800d67b305aa818b000ac98404dbb29d

SHA512
6cde07fd18ebb5cc87fe5891d4351f62bbdbbd5c32f7347873aaa6d93718b49af66ae6628c8a64834c19b09b46c9c49dece785f63ba04beb9cf7776f582422d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
f2c67936631c1c5435e500f6453abad6

SHA1
58fea8764cbb5e3eb1e518ae946de73a220c3dd4

SHA256
7209febd3394ce461c7b56b9d52d4c93ad1d49d5b8f7f7e35065915c5300b4b3

SHA512
8e280a96056349ae9653dc774f0eb329af647f3bc455f53bcc1831ed59db6f2a4645d8d03f5ec22133653f1685d06680adc8e9e974688810e0d31f293707c440

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6568767d4cc7676696391d92e014d6c9

SHA1
38d57e2f459ad331569a4d26d32cb891af20b796

SHA256
0685c46ce8a7c9da0666cbc5ae6321cf1ae6e8ab140ee52aa15efeff4fe2f4af

SHA512
be9ca7d0c3395ff65ade55ff79535cfce1f48dfa46759a9d6f6b0144c1cd456d37b868869af5903f31b2c9671baa8335c9d4defd59226ace88aa3e6cc89584a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
581c9b3b81e024634dcbf8df7a450a83

SHA1
e386108d7c3e0add02aaf1203138b634671ce8e8

SHA256
06b49050bed4576a8f60bd98e47c2e31e7307f78aa4ab791a359f1f5565d83c4

SHA512
613f5ed0a85abcfed2f26d28354350dce7354f138bf03db564dedffbe7a65dbd52fc8fa7eb89fc09b6b793b540b718ef75fe8049cd989b08d95f0bfd064369f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f8ae2c1a0eb19683c554fb822c250dc0

SHA1
da7b9c06172f6a4b39702ee82a4ae79e2f755fc6

SHA256
aac3057b3c254ad8d414e36d1fc1619b31b7926b68e1c3a9c6ae02810568285a

SHA512
01d394a825b162cd2491d17cb09a16d1af3ce2558076db9d418e3aeed7d1633007296818498517ea892db47fcab0ae0d1ef3957742b7b8e3b54efc9c8f4d35de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
519a7730a2776bc374d67ca0a2713a61

SHA1
455e5a2d5e645534e42ebf98019211191a8bc179

SHA256
953d800008477f0032bb111424109738fea61e9721f525971fdd728d17daba4b

SHA512
c18b8bc2c408995ffe66741ddbd56dfe3b6f3bd287f0f22cc1145be4e7813b56984a4fb4739d6533f3ca514321d879d92aef42bb37672f84aa8c230b915ea50c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e9c4.TMP

Filesize
874B

MD5
c21009d6489d061010d7418dda85b14f

SHA1
45c93e0989c56013cc56908ae8197efe2f50badb

SHA256
02692ce0845771814ad17f42fe9ef1475212afbc6dd8b6c2b9bb2427e6e80c52

SHA512
0750fd457433b09706e2b7ff924fa1c5a31fb83a7863c81ecf215c981c6d11f2b3b581534ad6edec02e946b80cd661896812de2cab2e6d771ded252fb2e03533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\7a9a5952-a36a-4bfc-8a4d-519ab95fdb7c\0

Filesize
16.5MB

MD5
1043551729bbe0c395cea6ffcd6dab23

SHA1
5912fe7e3b10f13bf2bdd148461ac60fbfe5c8e7

SHA256
e75b10a52ab1aecc64658dca84bab525ed2ba5fe6a170c6bd9a9891468de7c14

SHA512
7662efb4542fc561131fdbbda06351b384d5424ed8fd2c7f1bd0f1554fc84eae073fb85f50b0cf227f47b6d6f68a551cd531700a3be2a7547a699035ea31b81c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
67cc6ee0b424df7fffaa61a9cb4c8319

SHA1
a2519769bc3eeeacd8691956a6d7a7c3e3f2f93d

SHA256
3c872e0ec72117a898f34b3cfb6c192a5013c51c3d3f6fd8c465e47c17cbc39c

SHA512
1d5d481a95f6db8d879db65822f926afa3de9949d086a0da60f70d30bc3a354461d73f2b887962261d7234868a6646a98657e2303f32925dd0c4aa04ccbc1eb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
932bd5d22b5f9508f9c2572e69a2f54a

SHA1
d95cfc62bc76c3aaee7f51737a9c1931b025c7fa

SHA256
45afb39519f460d95cb0d7ba543aaba51e93dbf168ec0f0fb22daa8831ab5fc1

SHA512
ca92ce100831b59e536218cdfad97c6b37d9fca2942e51602941782c4b75b3b3479242a3842793fc0041b7f96087e09f285b82221d8badb0689a7bdf6cb0e16a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
16da8da6784dd20b4c2f6deddf24a6a4

SHA1
82f5926b0384d2f1087fe14a6323d62306ac8420

SHA256
703ffcd1d2dcb0ab920d24d450c17ebaa347986c2bcc526693ebfca6445d7dd0

SHA512
bbd8aab4654703320538d482536ad2e39c1d567aca59c56ec2a0e3fa8fd44acc70de775d2a97a7aea86810d734a54027291dc9da0c93931d1c524b79c21435ba

Download Submit
C:\Users\Admin\Downloads\Redline-crack-by-rzt.zip

Filesize
21.7MB

MD5
1118549e87cbad92e6959506172d8c5d

SHA1
a5598c8355d03dc1ed03b0f7842d478d6a9e17fe

SHA256
54b542bd706838bc61c23ef8189935fc74e0099b14e509d33649b43ff108d85f

SHA512
029527677e3a316a0929a111701c87c5fe6c11ecc361a3c009de75ee06d110245d0f250fca836a1aa0a90f86237e3102bcdf60ed645a9b42ad04bd50793aa09c

Download Submit
C:\Users\Admin\Downloads\Redline-crack-by-rzt.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit