hxxps://mediafire[.]com/file/bqce3z0bfqwh5h1/✱Ҡҽվ-ç⊘ժҽ✺--4163__✼៷ₑｗ--❆𝚂ค†-Úþ❅[.]zip/file

Resubmissions

08/03/2025, 22:49

250308-2rth2atvby 6

08/03/2025, 08:11

250308-j3f3zatpz6 10

Analysis

max time kernel
149s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
08/03/2025, 08:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mediafire.com/file/bqce3z0bfqwh5h1/✱Ҡҽվ-ç⊘ժҽ✺--4163__✼៷ₑｗ--❆𝚂ค†-Úþ❅.zip/file

Score

10^/10

google discovery phishing

Malware Config

Signatures

Detected google phishing page 1 IoCs

phishing google

flow	pid	Process
59	2976	msedge.exe

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	mediafire.com
4	mediafire.com
7	mediafire.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2800786028-4028220528-1905518260-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2800786028-4028220528-1905518260-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2800786028-4028220528-1905518260-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\✱Ҡҽվ-ç⊘ժҽ✺--4163__✼៷ₑｗ--❆𝚂ค†-Úþ❅.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2976	msedge.exe
2976	msedge.exe
4912	msedge.exe
4912	msedge.exe
1688	identity_helper.exe
1688	identity_helper.exe
4208	msedge.exe
4208	msedge.exe
2336	msedge.exe
2336	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
756	OpenWith.exe
1420	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4912 wrote to memory of 1120	4912	msedge.exe	81
PID 4912 wrote to memory of 1120	4912	msedge.exe	81
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 3304	4912	msedge.exe	82
PID 4912 wrote to memory of 2976	4912	msedge.exe	83
PID 4912 wrote to memory of 2976	4912	msedge.exe	83
PID 4912 wrote to memory of 240	4912	msedge.exe	84
PID 4912 wrote to memory of 240	4912	msedge.exe	84
PID 4912 wrote to memory of 240	4912	msedge.exe	84
PID 4912 wrote to memory of 240	4912	msedge.exe	84
PID 4912 wrote to memory of 240	4912	msedge.exe	84
PID 4912 wrote to memory of 240	4912	msedge.exe	84
PID 4912 wrote to memory of 240	4912	msedge.exe	84
PID 4912 wrote to memory of 240	4912	msedge.exe	84
PID 4912 wrote to memory of 240	4912	msedge.exe	84
PID 4912 wrote to memory of 240	4912	msedge.exe	84
PID 4912 wrote to memory of 240	4912	msedge.exe	84
PID 4912 wrote to memory of 240	4912	msedge.exe	84
PID 4912 wrote to memory of 240	4912	msedge.exe	84
PID 4912 wrote to memory of 240	4912	msedge.exe	84
PID 4912 wrote to memory of 240	4912	msedge.exe	84
PID 4912 wrote to memory of 240	4912	msedge.exe	84
PID 4912 wrote to memory of 240	4912	msedge.exe	84
PID 4912 wrote to memory of 240	4912	msedge.exe	84
PID 4912 wrote to memory of 240	4912	msedge.exe	84
PID 4912 wrote to memory of 240	4912	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://mediafire.com/file/bqce3z0bfqwh5h1/✱Ҡҽվ-ç⊘ժҽ✺--4163__✼៷ₑｗ--❆𝚂ค†-Úþ❅.zip/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff900b93cb8,0x7ff900b93cc8,0x7ff900b93cd8
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,15842089455089332796,4417721679888006277,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,15842089455089332796,4417721679888006277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Detected google phishing page
  - Suspicious behavior: EnumeratesProcesses
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,15842089455089332796,4417721679888006277,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15842089455089332796,4417721679888006277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15842089455089332796,4417721679888006277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,15842089455089332796,4417721679888006277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,15842089455089332796,4417721679888006277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15842089455089332796,4417721679888006277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,15842089455089332796,4417721679888006277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15842089455089332796,4417721679888006277,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15842089455089332796,4417721679888006277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15842089455089332796,4417721679888006277,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15842089455089332796,4417721679888006277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15842089455089332796,4417721679888006277,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15842089455089332796,4417721679888006277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15842089455089332796,4417721679888006277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15842089455089332796,4417721679888006277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15842089455089332796,4417721679888006277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15842089455089332796,4417721679888006277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1936,15842089455089332796,4417721679888006277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6764 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15842089455089332796,4417721679888006277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,15842089455089332796,4417721679888006277,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15842089455089332796,4417721679888006277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15842089455089332796,4417721679888006277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3360

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1432

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1060

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:756

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
68252661c13833baffb92e72d176db12

SHA1
88da3029fd2e8921ec137ca64e6e90007bcd829a

SHA256
4c143b28e1a84796911b95c1964dc6d7fb00a5f0e3f677b5eeed8ab2c0e5c73b

SHA512
11473d5f773bfcd4972e427a5a6b12dd151ef983ebb333d76adc49d0c295287afe4f794190c24f6e7d51b0357e68512d3dad3bf4b24efa192d249f339bce30a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7309d2cf164448e8aca35c89bf76b2a0

SHA1
67d6317c2b872b5c5acbeedd7acabab1ee8153e0

SHA256
080c145201ae7296ab59dcb8fd026f248cd6435822e34cd30b597f2d48199be9

SHA512
2c59f518142f92fae12e5c76201738b6e35ced9e4441d785afebf4585888bfea22f85055436a342f60117aced60f62359d010a538a3a3dff378cead3765051b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
83KB

MD5
fc12d51fe9dcb609c31f14ede2dd66b5

SHA1
f53dc7c2311a6383ac15b564ecfc7bfbe3d66db5

SHA256
2d8a2f9d216e15db64b691d23e2c8773406932cbe5a333e0362368039ff4eaac

SHA512
a6f61bb89254fb5a92c1f07dd64656a071a7814b847c380b48226790f0b2032ea5fc8bfe5345b1bdb8bd1f8448f3687470d2982749d312339a8ecbfe30be9425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
99KB

MD5
a8cdd6516ec9e4e3965815536a899362

SHA1
6ddca45316837cd6fdbc713acd8b6ad03c389dc7

SHA256
afd5583b7eca60cc6da9c6ea17855257844daef9f78fb817f0ea7f41ce78c9bd

SHA512
c29e17fc29757bd107ac0440359b658f944820efd7b738387f9e6e6419c8b40bd20aac3e8c573e9abc99db792341fe9dd64a5cbd011ebe036d3d5a55e3b2ab82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
143KB

MD5
26aa48398266d27503ac1b968fc40c3b

SHA1
d0f309418c84c84da89d041da5b1019ae0b284b9

SHA256
27ceb078ae1f6397d744ce7191770b31188ad4802d6c8f39a3335212cced063e

SHA512
ad18a31a002681120868d4346cdc738e03691218c7944a0a0dc9e0192746253faf49e7c90fdd6743b8398738ff35a8fcbf8f57623bd7a9b39e6a43be8ab8f69e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
73KB

MD5
5233394e47f89ad9999be2a37f463ae4

SHA1
026ec30b929b81affddfdf573c03afd1ea529ac2

SHA256
d9e73ba00b81a9edc94829bb0fc64f4b050d218c6585ac72a4206335ef10e0d3

SHA512
9bbf861f055014f4f5f085c693139f7a8bcf0d4a19a27e4325f0e4fbe77580c7936a4407b201fe827b469206b63eea74401dbc5cbcb44f44f1d79f046c4a3738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
21KB

MD5
660c3b546f2a131de50b69b91f26c636

SHA1
70f80e7f10e1dd9180efe191ce92d28296ec9035

SHA256
fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9

SHA512
6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
382KB

MD5
0084add7c1536ee1bf4a3317592ce90a

SHA1
221f3f1c37930e5c25281b04378e5e63ec11c5e6

SHA256
978e5bc7343caf2ddbcc919c0911c0b0c366e62faeae9c1bdb5ca0c5adaf71a0

SHA512
9f53359854c272e3a181db78ad5afd6b3daf42553cbcc1e1536e1985bff57a03a5edef50fb5c73db261e0879ef7f16dd3a0f0fb66b4715cf32e3faa273b85001

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
250bec21bfd441bd1d11070b5348045e

SHA1
f522873cf7d44b6caa1d934129332d8275345bf8

SHA256
fdc0aba9647de04d86da4c1435a6df40b14882d7fcd864455fb1dcc611fbca88

SHA512
d000d8f120bf1339a23a298ef7ab851a1ca35798c5691de0b95bf4f3efa450f9cd0dd3322426be73d5e5cf7d1504212aa8cbda1c8a9afdb8201139fd4bb3bd37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
7d2bcf6a98aa69a7c365738dd245d63e

SHA1
aec53014188c8d73ac97c13418d7611557fae6ab

SHA256
616b6e7b8a93a21f733809b1a025bfba85b8440446d7b26c1b875f1ebaf12da4

SHA512
815daa2514864cc0b675190f1e9897d83739ff6894d77b0cee3ebfb7e0d0936319b20869df0f95a9835feea0133ba432479091dbeafb5b3c8ebaa88dae5fcba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2765349659f0afee20e9c613076d2f31

SHA1
6dc958a894a346a71727547236393f7d6bcd0384

SHA256
aca4a806949a6e1a66dcc42fefeb2bb9bd11c11885ec8bf3dc6ec9ca64e78dbc

SHA512
34948febbbe786bb0f525f096ed3403784f5e382711eb5029b6fa7faf8d54e42f22aabd5e9a43ed83b30de99f6ebc6f1c09724b52d50c65965cdb8f9e2746324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0ac931e82371d6906aedc72e646cc89e

SHA1
949001aa56608b407d65911319da7f0984c1f1d9

SHA256
2d75bd435ea6c126a197bc00dc64761dfd5dec68f1d160a61323a1041573ff1c

SHA512
49796fcb7ff6908c338aa6f71cc7542661650c168001864d09222f7811c29a6c06fd6892c43198bb5f914231cabcab7bcf68f1bad07f05dfd3c58c165268e63a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d23a66323da081fd617120b35f67bd35

SHA1
822eda29f1e2f46cf001b7de77e495a2ceb06019

SHA256
1888356f430ddb9584ecaff46084ffe37572644835b4a10c1e4a7360dca501cd

SHA512
bb69853651e86be09f9c72ba49235b97d06b41998d8fab296743a1f14601eb0e843c6bdc79ef057b5a18ecb4c9d335702e85a08870874ef41ecd4823bbaa0539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8c0bb6437e72cf77b92a9698c82cfa9a

SHA1
e0dc0e50af141417fe52c12c5c1365ae7fdbb0bc

SHA256
e86718f434095d30d4438d617441dd244d857c1f45c91c67a09c4e756b7b884f

SHA512
c18bca7ca496f2d1f764095ccff70dec146c7d0e74f65a457af3be22e11a08454f2e65fcb791242c590a4981e2e6d10d74cc21decf45ed8f88e1e4c4dfae9493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ed1219d444576b8c4c60c8c2f9a769c2

SHA1
5fce8975a2b911207120ba955775ac315889053f

SHA256
9aeae832849041fa07aa0542d5b231972a97f2243098cd1fb08bc00e68b63258

SHA512
8d73ad0cd6e32a9e31afe5c94ebc5b38aa7d923715e41cafaf49cf9a9f48a1cad45d96cd2ea359bab65a6c4ba75e96bb264150bb7abd700dd7e4ea4fb90fd745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
640b2789726eaa856c6ff3e3b05a9727

SHA1
3c77f4cd01f2af6be05d06a437eef41856574552

SHA256
5816c5566b452f6ca6093e8ae02f48b8dc8d9b4c58911796bcb764e3efe97f98

SHA512
6533a6e9f98db2d6ea0ab815afaa232fffe7c9368751398334e58a7a600bd192dc9febf3f1092f4e8b8d5d2f2c09ec8bac8a30f4326da4da536f8e9a9f47756d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
30d4648402e0ebe5c05c407dc3855397

SHA1
ad46f2be7c67133c8b171359f2da560429cd0395

SHA256
904ba68c33e031fa720d962c78902189ca931e1179303ba60cbbc99d4127d998

SHA512
9f6e0c5db1d89f1408f8a84874f71a5d9103441967125a25f0a1883c27bfe1983b82695cd57bb42f28784e098a2d32caa8a0447d6ea66a6afa882ba38b4a860b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9bfd09af196347e2af18c1e7b796fc5f

SHA1
0dc5c9c720725988b7eed89ea9915b7afd540158

SHA256
bdb76f6ee53ff77e3727d23915c280ba0a0d5ee6c21644adc72256446ae86baf

SHA512
2f4ec2fd4895dae900a3b73aeb3d67f9064a20f462ef9fda2719eb5388e24960e7b115cf0f2f86d099545d76fbef2b746abffb3177cd97d0fd13cfc918553655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
579302e5a50bc86953594176cae558a5

SHA1
b4f48807b1af23d9ab61cf3d69e9396f25cbea06

SHA256
c053fafa4e436e90fff5cdc45ef549bbe7dc73b1308c4f59ddb47a4164b2af6a

SHA512
02528f866504dce40d53a15c4f02cc480dfe1a53ef810fbdc0f4fe0be6071885d67da6a3da6b4b891579b0e350de361012d0581d4f0c447befa7c250926d3f2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
99021f2c426c2fcb3c1d9fbca74e87ae

SHA1
cb7c078ae1f37dc296ebfdf923fb1ad517982607

SHA256
c84ab947650eff00e8b020ae2b71566ad43e519de7da437c848880bebf0abb01

SHA512
0c5a62959fac3f09871aed8b62d27f9408aa015c712ffa5fd4c595d72b93ad54a6349464361c40872f26905d7a7aba28b0eee702d71bc7fbc2378feeaad66c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\0893b79e-38da-475a-95d5-679b70c44f66\index-dir\the-real-index

Filesize
72B

MD5
d653a4012e0b383260ddfb8fb91a54a8

SHA1
566c6972eec6289ec5ced69e424d61225eb2ef90

SHA256
68471a4fed6753fa18143dcdb19f796581fa3607d3ef62999e347bd648a76ae6

SHA512
f40834632efba564817e48db08092c8ae0275c5e51a2867a54402d3afe3dbed3286c4e1145db7933573f3080cb5f5d4ec5b87a3e24814ee1be07f28bd2b10bad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\0893b79e-38da-475a-95d5-679b70c44f66\index-dir\the-real-index~RFe5993ca.TMP

Filesize
48B

MD5
73313d5e791a6a40020e45d375b2a812

SHA1
f02f4d097b31eb5aefd96ee17715eee43df3ff28

SHA256
04373c3dbb569770d2a41ec70ed734bb14b739107e70474088d22671951d3981

SHA512
bb52edb754697b25d5b9a20a3e22ecd7ff34864e36f2fa03badf856bbd90b0f94586c8c6fa8c3aeadfa9b441a7266a8f1798877a0561b5b5cc6758eee34d756f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\7f343db2-929a-4d74-9bbf-cf02d50c6d90\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\cc4e04a6-259f-4428-866b-80268b0e2899\index-dir\the-real-index

Filesize
144B

MD5
8db4ae94dea27629c8090c2653d2bfea

SHA1
f3b80fd48a90a8ac2d75032fe254043739aacd67

SHA256
d172445dd57e39ce2a541b2a804468d7333b3e51ff674e2c78a3d7779a244650

SHA512
f767da7fb564afee7adfb1a8daa70298dba473877e130a88c479f4741943d6983667a52e5e4da9ebb1b30b459a56d85bd00347b2e362e98c87cc32e0a69ee6e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\cc4e04a6-259f-4428-866b-80268b0e2899\index-dir\the-real-index~RFe5990cc.TMP

Filesize
48B

MD5
921f956a68c83731e97d1874cd6a8ec6

SHA1
91dd1a3cd1766a14e6a0ad392cab696f6a9581cf

SHA256
ea07ec71c50b3bd20af17c89bc00b5ca13f2228707600c015ed3f8d3cefd8a9c

SHA512
129b0d9617ca3a8a1b82b4103f1e27ebadc47f7809b8ddfa39d30f3ad65f70d0d3af3fd7e4d3e8f3412c4c85ebf72c5ade43620eea51e5044d1175ee8b611572

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\dc7123b3-2ee0-43b3-9c14-69193d747509\index-dir\the-real-index

Filesize
120B

MD5
dd6846d43ef31357aab6fdfef4ed1155

SHA1
5d8c03ccfb6a9f0005426f68e7a6825f497b0ab1

SHA256
d7afdc6b34fd8629793ec028b50f25a4162c253718e33b794c03c87d595ed93d

SHA512
adabae48a5d78d487e8358801244d9cefdbec21dcc2c7ec53f44a3bc5b9b03acd93c22f7eadcb0fd767f82d7ef299f29c4ecfba68e5f435a22416e696a0f73b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\dc7123b3-2ee0-43b3-9c14-69193d747509\index-dir\the-real-index~RFe59939b.TMP

Filesize
48B

MD5
83a29153d5d3a9ecad3a39b9609f86fd

SHA1
5f3f85fe4cd984f8532bacd97fea2728f90a8801

SHA256
eb3017cbbc1e8935ee3189f709de6dd96251057dfa62617b614b42c60965b188

SHA512
32fa7a1eb7461075f850f0b336e817f95dce465ef808e420530b522026536a5e47bec374e6ab22d96082d518925aa537ffe687d2996ddaa76445130b76b32eb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

Filesize
130B

MD5
f7f49ec5dcfdb87ea742fa3131e82f23

SHA1
448e50a38ecaf8391f6654649b9e0f1df5edc66f

SHA256
92d5f7276252afacbdb098d361cb93196f098779023f1c8ee07e62dc42670a5b

SHA512
2275bb8855efb914430887495961c8ca0f6295d7634d469597d3ecb5837676fcc5120bd44b6b96136c3a3200cac2850f3ead0b65fcbbf18bc98b19fa9f12bca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

Filesize
226B

MD5
8083781ea989eaf7d0d41c32b8716b71

SHA1
f8871e6252a37a1105bac8695f34cdf941773d8b

SHA256
c0d2b5517417e5797bb09d1064ba888d71c7e27c64b99dcdbb4625f700b7d7b3

SHA512
d645972e4349bf196407706be447ae3be889e51161181664b96845719cb0de593ee3893d397886c337252cee41ec0d7830ebaa8cbdea250dcfd148ef2353597d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

Filesize
359B

MD5
fc5979617cc5562d2a4290703fd858c3

SHA1
c46954d3acd38962b3e875ed8f3d8767440a1197

SHA256
da34f8b279eca3f5a69859eb0b888a5da7a71c9315c18bbc7a57504d3a63e827

SHA512
a440cf881dbcb594b25bf0442be1822746ffc547bdac44a92923c6415d417feb92338c5d1a37341f74ab22dc6d1fea590efb7998dca32e77fef11fb18c46f244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

Filesize
290B

MD5
494eb2a5cc4e1196f24b4a8d77b25770

SHA1
8cd25f12a170aefb09be56bfae6cf39ee622fde4

SHA256
6fd1a7db1a7040f7c94c2877a1f11b5983b781791172f7b8d18a3245a2195419

SHA512
3748537ade6c4c5e8aab849217105adc7d2c60eb318f4e3855ccb6ad3ed085390bf71c25067da3c1ad3d4c35c144c00e04bd8d7590bfd4cb5d30568ba11d5444

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
138507458223faef5d0b836f8ec14442

SHA1
c25e2a2ceb4a38b380b152b47cde8f4934136caf

SHA256
5ecc7a672e94e09de56325cb0fd4e5edad9b96f1c8cb702c6a766fb9d152ac40

SHA512
458f43da720417de11707e9a460b5d7766af39eaee5be589f9d5b03b763ea899d12af631b4713edf745357a778ccf59a011c0bee469e753f90215e6d73ecff1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe598cf4.TMP

Filesize
48B

MD5
d69a483ef6a070ae9a349c63ee962a89

SHA1
4534007de7a1803a2e274c6606d2183c209a4d62

SHA256
7b2f519e5f62a46d8d718798ec40d102a07427a155f4152a1e3e45208fc15709

SHA512
4dae87642c406c01d57e720507e46b26bf803296684d379e56575a3646b43f5124d67921ccb2f015dca1235d84317a4b03b1bba061058fe71e764a8eda02541c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
212f850a974b107decd7f7e3079f73b5

SHA1
386490a66d4ffead9eba3e4227e9531c1ded89e3

SHA256
9d715c5498bdf92f5a8fadc19401d414961b5a627c44668985f809dfe04681d8

SHA512
cb09c7331955b663a3b9ff945b805139d9f8765e27574fb78b24a2a9c46f11c3ccada5270df6134c8f12c1ba3aeca49498f5dc4f5eafdd69de06e955f1b1d6f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ca542371c20559fa43c14a824245d4c4

SHA1
62eded51104dead71b517b670fd67b2afb681b0d

SHA256
c9580403da98a55212a036081ad46b8f91578b576d87fabcfb38f700b349548e

SHA512
593f2d3a5cb5aff1ff89aa120cfa186b121b7ba60991f7de707a2f52a3b42618a781742d7c4443d6c2d7dea92db8b80e226c0570be10c108dd234878d332d3f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
865894442693b105cb3f99aa183e745a

SHA1
7d567310c85f256cb3681e9be6b71d6420f205a6

SHA256
a79731d3a0f75892f53f0a589155c774a5f774fd5c47946c024042ddefd7d77d

SHA512
7507fadff3185600d09c5cd84f6a73fb7e00245ae2ed5c4b44af97f6a11175021df0d41638ee787b435b484632728d7b183cf6aa0c59384baee24ff97c668798

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
064133cc656a6da7802a22178e4f27e4

SHA1
989181660ebc0e36511290509da2dfec4554bc94

SHA256
b75ee2a96f7e8b6dd0872d33b9e29833d38c459a8929d56e5847c27d26373c66

SHA512
af8b32b4db59b9f5b820e506eabaa4d51165d60dd21e33659ed9ebfb43c54f666cdda918043f00f9c47b496fd5416d95107d32becca1cafe64ec095650cbec54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7d88d8720b82e4b185ff3ee343d233f7

SHA1
5557aa5d13f09c955f4251282bc5377f808785c9

SHA256
c3e288c97759a4503de5324a1fd3ce697a2fafdbb741c22d5e69638fd2397e96

SHA512
f2fb048fe67dfcb4ef8d37dc073d7912498da26c5fa49bec3b7de23116975487eab2a8f0012ebc45bad82136038bbd537b3ac3118f29d7f86ece635096aeeda2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
df9bc44663b21a848d87ab52251757da

SHA1
c50e10b642b78a592effa388a6a38c128a15cce5

SHA256
e6b2b296a6723a8ab3a4f1cb6a6cbd139ad3d25e338847310f37cf2d252541fa

SHA512
f9e74a5dff32833fd707c4fce528a0b8984d46223f48307dcda6b3ca85d523bb0e8415d40c8cd783f375770fb31c898bbdb5cbadd70cf8261b9374d26d50a66d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
db45b9c18e77fb0d577dff321222dea7

SHA1
4d2c0bf98ec44ac79dd303741b69df52a5ed37cf

SHA256
fcc69b127a229c7a848978214837afe3b93ba2b8329b6bc49a0f846e8fc4f767

SHA512
1f252f6bb1af8e014649524110eba25803e5aac8c0d03c16da2a83649c1394b76b08ab8bd145e417fbd7a89d3a9db046ca02128d1063fa39ee74977462a04e21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
53f06b0c547f0e66c033f083f40bffd1

SHA1
0b2723ce25b8722a3fa64b004cefaae210066626

SHA256
e6f93882f8d9b117d6a7cfbf34067d5bc547705f66d8d7c1fd7b605fecd061c2

SHA512
48781a8045acaa1d840983acef2f8ff29fcae50606c107f3bcd09d676590890eb3b0327a789532b4a7bb999c2875867671dc8e61cbb53ac37054b8411ac62c98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f2fa4c9dc7b1e3b9d92d14a136a24cf5

SHA1
bf0655963b397892c956e015ec3896ad1b72b784

SHA256
cd26627e39fd541136acc3515d5e95972e4f62a0fab287eeb0a8e2367c21a26a

SHA512
be9a97bfe31f0a1a35d93106af29e049b514bcf944fd73c3c836e47b36032046cd4cb6ba99911aa10521bb69fd194917e1b1087c8519bf38acd2bcb15b0b9cd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f6f3.TMP

Filesize
538B

MD5
5c22311dc39c36bfaaea275bf60725dd

SHA1
5a7f115cd169647dcfce8274d9e282bffc975d5f

SHA256
2ba15ca9d50300a9c472ebea81440f173f1c9bd3503996316b1a1d67d56b640c

SHA512
4fda9af5d3893807f21ac50e86217b294668b76ee5949673c652f0842ccbe2f16a459afcf9adca5f5d86657c54bbcbbc3fb3e2c4d6edc81ad05075af199cf899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
aeb2c1d6e41f645015b57a6e98a1ba8e

SHA1
2e1f89e0b596d67b541230015effc6b718ba9f50

SHA256
5bb791917be456f914b58ad722a2dda0592e0c973c001e35a173cdf005f00f4c

SHA512
eba11e6db172cdea9ace5683b1c67ca7532881752eedf59892655d54a71d6241735e218ef401bbd758f77b1ff5425f042e44ba841032582477c153645354e056

Download Submit
C:\Users\Admin\Downloads\✱Ҡҽվ-ç⊘ժҽ✺--4163__✼៷ₑｗ--❆𝚂ค†-Úþ❅.zip

Filesize
13.6MB

MD5
b99b0ff42335fba0c40cc25968af6de5

SHA1
fd915de495b1f81f8be56dfbf37732e614cc4414

SHA256
357464f1730180263f6d558700f5c68c0e3a75e51dae4ec7e879188eb069c3e6

SHA512
7f366c131489d6672b715b19a1bb888c3547183e7f6362618b12f5c75661e223c77892829444bd2f0f09d479064e2c5e22a3f250fcc5383e6d37e2f8a755a4d2

Download Submit
C:\Users\Admin\Downloads\✱Ҡҽվ-ç⊘ժҽ✺--4163__✼៷ₑｗ--❆𝚂ค†-Úþ❅.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit