hxxps://drive[.]google[.]com/file/d/1xEDbPOeLmzT4zFOu9m0v9lokPJrVZFkw/view

Analysis

max time kernel
105s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
03/04/2025, 17:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1xEDbPOeLmzT4zFOu9m0v9lokPJrVZFkw/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
55	drive.google.com
82	drive.google.com
7	drive.google.com
8	drive.google.com
23	drive.google.com
24	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133881743725750399"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-83325578-304917428-1200496059-1000\{73B23B3D-AC28-4A24-ABC8-D443A4A22DD4}	msedge.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2844	taskmgr.exe
Token: SeSystemProfilePrivilege	2844	taskmgr.exe
Token: SeCreateGlobalPrivilege	2844	taskmgr.exe
Token: 33	2844	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2844	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe
2844	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3628 wrote to memory of 4412	3628	msedge.exe	88
PID 3628 wrote to memory of 4412	3628	msedge.exe	88
PID 3628 wrote to memory of 532	3628	msedge.exe	89
PID 3628 wrote to memory of 532	3628	msedge.exe	89
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 868	3628	msedge.exe	90
PID 3628 wrote to memory of 1080	3628	msedge.exe	91
PID 3628 wrote to memory of 1080	3628	msedge.exe	91
PID 3628 wrote to memory of 1080	3628	msedge.exe	91
PID 3628 wrote to memory of 1080	3628	msedge.exe	91
PID 3628 wrote to memory of 1080	3628	msedge.exe	91
PID 3628 wrote to memory of 1080	3628	msedge.exe	91
PID 3628 wrote to memory of 1080	3628	msedge.exe	91
PID 3628 wrote to memory of 1080	3628	msedge.exe	91
PID 3628 wrote to memory of 1080	3628	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1xEDbPOeLmzT4zFOu9m0v9lokPJrVZFkw/view
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f4,0x7fff793bf208,0x7fff793bf214,0x7fff793bf220
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1872,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2260,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1936,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3488,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3500,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4128,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=4224 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4260,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=4364 /prefetch:2
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3660,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=4468 /prefetch:8
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5096,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5380,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5376,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5904,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5904,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6248,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=6268 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6384,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6276,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=6508 /prefetch:8
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6268,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=6660 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6672,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=6420 /prefetch:2
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=4472,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=6668 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=6352,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6308,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=6292 /prefetch:8
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6568,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=4364 /prefetch:8
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6556,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=6304 /prefetch:8
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6560,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=6628,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=6508,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4604,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=4516 /prefetch:8
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6992,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=7000 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6988,i,11145039821171760097,16451950533510118475,262144 --variations-seed-version --mojo-platform-channel-handle=7012 /prefetch:8
  2⤵
  PID:2732

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4012

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist

Filesize
105KB

MD5
6e82345aefe362b4c5071e7df6c07407

SHA1
44176a6b5c2722280699b8cc9a174d168fd4c161

SHA256
ee1ec48b6b166582c51a4141a84f48731ce18a62e4b7faeb9d60560c8f9c382a

SHA512
20c0f5862226a3eb17832e7c793f809f2333e0e0068dbe61b5865517fdd9f84bb5ca8d97bdb19a005a25b789ac75a09067350940f042fb5123cdb682ce2c98d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
caba3b97f983eb81b0720471256478c8

SHA1
339f3ecc344478074922a419c72f2d5ae5057596

SHA256
ee9a4e8df1a64f019f80b1d75be15fd30693816fcaab4c7425230e96b6badba3

SHA512
2509f6b967fd54eb3dce44408b7e0b5c32c2900a68082f573aa8382def609314022cdb0759ce9cbd88f6a7c2b83b3026f464388f3848fed913cae30d7f2b730f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
36f9fd1ea77d2f590556c7d635edd948

SHA1
77be267292d38d47ce859e8924a6730130f7f2da

SHA256
3e876f232d2a766cc7244538ab5fc61da25853942ffe237bbee3077f0cbb435c

SHA512
5c222b04d880e65af08e3ca8e8695af07d0c29ef5cf70c74fa0d81baf12f7dd7ad11073cff8651767e4743f40bc3fa93df6198bd3cbdcbcf38ba1ecbedea5a42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
1a82442bb7cf2072aba257a7a8aab1aa

SHA1
f13617d0017ee86ab0da613dc98ab64ca6cf1df1

SHA256
6afea9794e481eb4e85adc66a27ff9f75412f0454911e928915f70e70f76b3a8

SHA512
f120246139aba723042143f1410ededb6b6d41aafaa5fd4531719fd8b85537e8e3cb94865c68801004022e1624f61832e49d38f0701df59f46d48d366f579da6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3888d21759984e689ecf9552a8696f86

SHA1
e63023ab41d43253111c41e04969c9f2ea2fd37f

SHA256
2d0bcc5c3fca67c5b3999a2bfd3620babb4e720bae73fd89b58d1d4481360c7b

SHA512
68d8a7066b1accb790ab657583c3cff1ef7e685f60884eac1139fb628cec49a5f9e7f8ad86a5a2cd4bfceab78425f1729d49195f8cce2388952a1a912cbcc482

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57ce5c.TMP

Filesize
3KB

MD5
7ec3a2707e49b4d82cc2742c91a6460a

SHA1
1ae5adccb01aca5388c89de024f0cf11efa2a6d9

SHA256
fbbcd7acb47a5f8089ee183e544e20d35b3d9fcf408d5aa08706fb6b6c4ea895

SHA512
157b00f1fa13d270d420baf28b13db83585285569fe34d590794bbf9cb874e3ec257b63770f5ef7318a3d0ea999ce4fcbae5dcdc9032824e0ec0e7d9e8a9cab7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
ab2fe132f740ef45b037454688cec727

SHA1
a542a4aede7eff04a57cbeea51f4fb4c44d66b12

SHA256
00f5a0321c113c4576611ac7681c039a652908900de8631a530c1b88bdb8ad52

SHA512
cbb630bdcfe3611b1db15708ed82577d7cf03bea7b470127307a2b9e2e29b95a398fec77f76a75547480a81f8ba265d6c136c3328e84403544a3c44c671504d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
c761d9af22f46046dac8362e307bfc6c

SHA1
83d0c5f4e6d78fdfe5abba5c53f017c9e850a302

SHA256
a936df57df89d99f17324eacd309e43e4c72a766df00900891d863bed13fdd65

SHA512
4643765ce09391495b5a46fdad0e8677733ab3fb8dd181a9ee0e8bb7aa82a4b4be7425c38ad55e338c4a8b353350ac75a0fdcac1c9e87657b0f97edd5caf021a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
99849a75e08ee626f527ec006b952ee9

SHA1
c9b6cb6146bb4866e651c54285cc040fe03d8939

SHA256
7e27b6eb74ac846956a7a15d8cfe64424b22191dc45d0dcb9d5d72a4ec2f98fd

SHA512
e66548807c38f46db594a4db040f0323d0337ca08602e16024b06bc6331ce8645b71fabed4abeaf4b0c4be9013f2360829f1ba7ebccc6f999511ccb3b7240d5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
9779b61bf893ff1703013473187fd666

SHA1
1adc032b3632bd220841fb9ce627914ecaadd80f

SHA256
a79ae58375964a2dcc0b1305a07817522010a95ebda8d112ab5260e5256e5833

SHA512
dd1b99ee154b62d6f1bc164f8beb6bce60ff6e80a8627cdc43c11bc219f639d21e52e122a73a6cb71d249bec587297d8eb53d5bf02fe8a315b8d8fd0e1cf7193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
6ba4029eca1664072ef6e955349b2ff0

SHA1
31a98c5f1bdc3fb47331203cf94967cffb4bebc4

SHA256
a8edc647a76639687941f1cea81b02e03c0d74d3554130526cdb706ebd0ad138

SHA512
8e4d07c9757508f43a0dc51276dd557033ba2baa8342ec35d6e56083e25bf7a2fc23192a14f5fc479c68919b800c6f6fa1e90417680b90a6e0be08d2e9ee19b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
b957f44acc34485bf27e1ca7846760aa

SHA1
5855ea07aafedd8d35c746930b5a37fe28e11aaf

SHA256
d9a66a9864ad24370478c7f4ec93351bbc2cc3b0307b0be60bbfa1880ac28f38

SHA512
8b2b3b7d9d145aad57e2871221688d5c389ec8534a53f28e6cd870cd9e4c282973abd97a44a2caca7269695a86ea508e1296e129b5ec748f90974e80a484e5a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
58c300dd997ebeac3ced68de585990bc

SHA1
f16f4ead9d8dfa75a2c1bc4ca2b9da7354ad96b5

SHA256
d86fbe48e145f2bcf2d9bf2640c286be3030eef14d07d938a6a948f99403ebdb

SHA512
659999af21509c2ba468b2edf6c2a7b46b7e4e1bc579d9480618a6fb021444c9d2491c5401bc9d2d6cc6158cd0929263a42d9200cdccc612e9d5ea3300f2c3b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ce4c.TMP

Filesize
72B

MD5
8ec50d34aa2af890582e279a138bb7f0

SHA1
93314b318664fa7cec0dc6843dddaa57cedf3dba

SHA256
d54eb1d669b396ea0fa777545d5344c78791931e7c5d2a7182ba7e658ad71ad2

SHA512
6e6f477cf055ed5d987996224f605b8a603586d702a370a9bd3a9b869d9dd3d08cf32793463b680a7aabb160e2f84f8a67032ef30a1c8cd23f9fa5fb2d8d6710

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
4KB

MD5
6208debd6b3fad686a1b03229d31fa4a

SHA1
f353e6c84dced0e1607522d404e5d02ab5056b63

SHA256
1d68ee127e7cb2d26a0e6736db4a9b6d2263b50eb0ea75dd15134fd26a4898ec

SHA512
570f7e41ed7a9208fa68839c37420a1523d31ca94f7eddba4ffe6ab457fb0cd6a931b2f7b02fde234361f9ce4359be9596f6b9c1da13dc30eb435e58e3bf9f2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2618534eadf8686b7e5947eed7bc04cf

SHA1
060e0cccbb748a07ebbc079b77d16102ff1d0ed3

SHA256
f278a0b7e2cd43c1e4c8ae1e47ff92ca8651ddcb7af29e87e45b18e08ec021be

SHA512
86f7587a626f32db34984e3c7b63a865fb9a98bb66e8c0ceb49ecb32bad73cc874098d020e75fa5362cb753da87bee8dc7ad2f4be8d5d3943a4cc65481334663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
18KB

MD5
a2c89c035f695450357411254df94720

SHA1
5de60efe590d2480ef81bf1737da2042829a018c

SHA256
a6e3061a09fc471af8e06fad98b4f8de944124fbddd348183dc50a483b4b7bb6

SHA512
4a89ccfe11fca0f5da56829cbdbe665b107177f9d6727cbfe9c66e4d9fdc94b66897b16c4a93efd666503e47c6ee8d62f23182ebe05e551d6a781870285ddb6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
bbe4d8ad04ea8e58f7c851f110a141fd

SHA1
8be84f828b52abf0cf9c1703fabd3ef5e4408ad4

SHA256
5a77d5d88f6f808e2b0462fd430d60e9f115fcf4bd92456ffcf12918c18dcddd

SHA512
ccf40aad13e08ae9fd4d476805295710e64aedb2a17ce3ca29505e411562d530c4a8fb7ad07f43aecd0ea6d0e75fae1084628b0a3755baf25c060cf61e483a2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7ed756cd80bc7c813525df26d6a7e6f1

SHA1
3ebea829e81db4b252602cec7ca235ad227e29ee

SHA256
73569bc21eb1efa1c05f7d99218f661784753dbcb00dfd13999c78e1eb259d3e

SHA512
274db5ce446b99cebe5103011d1d801fc51b00a62f0aa9e75986de65a82e3bd68601de0a8ffea77ef4876c562d2815b700bb6d8930f1cf5a605f5840c33051fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
12eaee2ebdd59cf115525331febe4555

SHA1
a3870b8c83b2face7be6dcb36af2bed1f08c5d71

SHA256
2d60695545b4c77dc02fd6e6dfaa2518205769d2e63ba00059b70bdb30f4e39b

SHA512
72368b3e895ab3506b299b7c400215cbc9ba058ab9595dfbff895aec71948657e319087b3bfb8ccd4ac30290d88bb4af1ba39af9d417a894ee5671ffc6be6c6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
27da79cb41747b1e0cb77090f4979672

SHA1
b78148d19889b0b1b49b7f007596c3c58e9d2fbd

SHA256
fcb8210cfa38910d4d8e1b832f29055c71ce20639c26771e6867025445a62ecc

SHA512
a777324f1fd12847858e02b105dbdd4425ec444470050ce9bde7398e7e75fcfd730a3b31d0615430631e4a91a2364325bd215da2f0066aa21220529cd4fe3058

Download Submit
C:\Users\Admin\AppData\Local\Temp\033b3a89-0846-4c74-8430-3aa477296773.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\76b22ca9-5f04-4325-bbac-4b8ade2fa1b4.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3628_1489255934\28245f93-36c7-4782-8a51-9d94f24bc82e.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
memory/2844-912-0x0000020CA3CC0000-0x0000020CA3CC1000-memory.dmp

Filesize
4KB

Download
memory/2844-913-0x0000020CA3CC0000-0x0000020CA3CC1000-memory.dmp

Filesize
4KB

Download
memory/2844-914-0x0000020CA3CC0000-0x0000020CA3CC1000-memory.dmp

Filesize
4KB

Download
memory/2844-924-0x0000020CA3CC0000-0x0000020CA3CC1000-memory.dmp

Filesize
4KB

Download
memory/2844-923-0x0000020CA3CC0000-0x0000020CA3CC1000-memory.dmp

Filesize
4KB

Download
memory/2844-922-0x0000020CA3CC0000-0x0000020CA3CC1000-memory.dmp

Filesize
4KB

Download
memory/2844-921-0x0000020CA3CC0000-0x0000020CA3CC1000-memory.dmp

Filesize
4KB

Download
memory/2844-920-0x0000020CA3CC0000-0x0000020CA3CC1000-memory.dmp

Filesize
4KB

Download
memory/2844-919-0x0000020CA3CC0000-0x0000020CA3CC1000-memory.dmp

Filesize
4KB

Download
memory/2844-918-0x0000020CA3CC0000-0x0000020CA3CC1000-memory.dmp

Filesize
4KB

Download