hxxps://drive[.]google[.]com/file/d/1J20pidg4JUMJtV_SSRo6WZYuTSjoe-oI/view?usp=drive_link

Analysis

max time kernel
1019s
max time network
1021s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
08-12-2024 14:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1J20pidg4JUMJtV_SSRo6WZYuTSjoe-oI/view?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
6	drive.google.com
11	drive.google.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\08cb5c03-94d2-4654-9421-0a6c4ae68924.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241208142956.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4644	msedge.exe
4644	msedge.exe
4896	msedge.exe
4896	msedge.exe
820	identity_helper.exe
820	identity_helper.exe
6024	msedge.exe
6024	msedge.exe
6024	msedge.exe
6024	msedge.exe
5184	msedge.exe
5184	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4896 wrote to memory of 4464	4896	msedge.exe	82
PID 4896 wrote to memory of 4464	4896	msedge.exe	82
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4864	4896	msedge.exe	83
PID 4896 wrote to memory of 4644	4896	msedge.exe	84
PID 4896 wrote to memory of 4644	4896	msedge.exe	84
PID 4896 wrote to memory of 3020	4896	msedge.exe	85
PID 4896 wrote to memory of 3020	4896	msedge.exe	85
PID 4896 wrote to memory of 3020	4896	msedge.exe	85
PID 4896 wrote to memory of 3020	4896	msedge.exe	85
PID 4896 wrote to memory of 3020	4896	msedge.exe	85
PID 4896 wrote to memory of 3020	4896	msedge.exe	85
PID 4896 wrote to memory of 3020	4896	msedge.exe	85
PID 4896 wrote to memory of 3020	4896	msedge.exe	85
PID 4896 wrote to memory of 3020	4896	msedge.exe	85
PID 4896 wrote to memory of 3020	4896	msedge.exe	85
PID 4896 wrote to memory of 3020	4896	msedge.exe	85
PID 4896 wrote to memory of 3020	4896	msedge.exe	85
PID 4896 wrote to memory of 3020	4896	msedge.exe	85
PID 4896 wrote to memory of 3020	4896	msedge.exe	85
PID 4896 wrote to memory of 3020	4896	msedge.exe	85
PID 4896 wrote to memory of 3020	4896	msedge.exe	85
PID 4896 wrote to memory of 3020	4896	msedge.exe	85
PID 4896 wrote to memory of 3020	4896	msedge.exe	85
PID 4896 wrote to memory of 3020	4896	msedge.exe	85
PID 4896 wrote to memory of 3020	4896	msedge.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1J20pidg4JUMJtV_SSRo6WZYuTSjoe-oI/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffb753f46f8,0x7ffb753f4708,0x7ffb753f4718
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2088 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6808 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4736
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff65c685460,0x7ff65c685470,0x7ff65c685480
    3⤵
    PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6808 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7240 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=64 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4376 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=64 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7944 /prefetch:8
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8048 /prefetch:8
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7908 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7984 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15754431031651104918,1219732801456027064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:1
  2⤵
  PID:5324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4268

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9d533e1f93a61b94eea29bf4313b0a8e

SHA1
96c1f0811d9e2fbf408e1b7186921b855fc891db

SHA256
ae95a7d192b6dfed1a8a5611850df994c63ba2038018901d59ef4dae64b74ed3

SHA512
b10de657d0cef4255e96daa1b6ad0c99c70b16c13b8e86790ea226e37e9ded1a8f8bed1e137f976d86ebc3ea9a4b5eb67ce2f5b0200025d35dc8e94c947ff3f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
31039497c5447032ebecbd8bd207a790

SHA1
c82848bcb880d7c6a15f9888f39389ae7cf47db5

SHA256
070d21bf94b681ebf79303eac6353c352fabf77472ce1e9b4d1330dfe3787e23

SHA512
85811c062a83d19442ef57aa58eee762b0e4ac8621b9ed913156b425aba850fbb3a1f5f3ce916719df6ac5d9a39b95fee488acf72ea98d688c120bce3356a2e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
bfc2fec7808c97d5c222ebcb9cbced20

SHA1
bb842bc85b05693248ba7f26e96269720ab0dd76

SHA256
967e2c18daddf7a397f337e4547da967d5187aaea2a8d08fe978ee0670c21e0a

SHA512
f4ac285333f35fd2f0b3edaceaa0657164696d72ec81fd21902ad77eee5c443a08afebd84cc25630c13ce3b0015f34ea7a97e0e19ba2eb3b8867b6e9c5ac426f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e29515eb593bb58657cb9ff509afba08

SHA1
22ad9a49e2a14ee4e7848a79f8bb251dfff19664

SHA256
7d6e041fa7b022548c18f4cad425c3b88d63e2897fa184e71765bf2045058786

SHA512
d8f11de1669dca57055c255bc93a21e4f618a95118622e3eebdf402405a4155aa6c80733e6f1cd3cacbb06b6c7fac36e74fa3fe7919ec2b7c416bf84295ccc83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3e09d0ee9af67fb946d2741cb4f6dd2e

SHA1
18ddb215ba9b657305718303fb0a6f8eb2bbd563

SHA256
a33d52eb25ab1aa641ae65de680091fcb8106e7512eba4efb8c8ef24c89cdd08

SHA512
4e8dbadb235c4f7abe9fea64063e88fc80fe6b180bea6b7777d7cc3d2697ef41cf2357851ef4f41966976144d5a71ff13d0c9eb0ae8fef3ad5022cb430d8463b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
5e8b40965e20ead7b02488368a85d9ce

SHA1
cccaaafd3d63e22f30128fdc3621e2a97f992a46

SHA256
76b89985049d06457853d52633f09be5362137fcb69a81f2c90024e709f04020

SHA512
1ca333862832335ed0fefad5ffab017e261a2b13e09be9c35620a109e67bdd7446c430f8d8b146713049d4797958e3894a4472c88e4e054ff5a35cd81a9c0aff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ccd2d5171ac68b7ebaaf5db179a3b756

SHA1
7a8ff78eef08c778c4e73d19af1f1a8a66c35ba1

SHA256
085552ca16b6acf4cfabe748dae681ed4faeb093bc635b62ca4974926b413adf

SHA512
c50e9b06d01d5af312a9c48c98cdf0cad2be69f1e36326c4fc2a0c36d1748ceda6fb06dfd822eefbddd01c397ac5baa20fb8c05c1a4b40be82b475ea1df8bea8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fe1e2e54c5e92c3b1513ae4dd53280ee

SHA1
291d300bdf807d31eed0c7edb20f5c0e5ffe7cf3

SHA256
f56cbae40ebcbb04c2c83ab954fd62b20fc9da3f8d5e864f37bf2fb2c874953e

SHA512
f27d19d642c9f36ce6170f02ed6729862c5f89744eefb3960cb0dc50fd9f4c07e5f175f5dcbf13f26a5e24d19f948f9a9acc5fb5003b7ff5508c3f6a462ac703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
5e1ea233e07572e2a9c4d03eea1d7978

SHA1
ec86061504fb1f88d629ef18ec20b3ac6d2b55f8

SHA256
24118d2c753c3c0e658375febda7075463da06f77d347443c502892bbb4a4b4b

SHA512
d449278e22820f7a10f2890e8b131a98a4f695e1b754861382aea03d71913c948f7a1e0ef1e02840458eedace8d92b903fec03f07aa14363590d154e217e71bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
12804864c67e2b7c2f21bb0dbd95536f

SHA1
812e81cec17c99f11267eb831bf82d1e33bf2e18

SHA256
1f6a76c989a1ff86a5f96e65385d8f9862da84a1047a40bfc60ded95e5bd672d

SHA512
5df4b1e158937cfadc10afb74ceafb378ab4c4f4f3cdd9feeb3b4ed26728d99cf1fab82dea8e120ecf78639e2304f33cd34d0a605e7a8d9434e6e87eb74977e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
eaa036063995c054051aa0bae85354c9

SHA1
634e317af80ca571c3670fe44b40bef5217975f3

SHA256
966b3101cb69424fb7ff1f494265e3183b78b5792f53df690aee6bb0a3fd9db9

SHA512
d1d312ced75299e80e92a53a74cee52e9e8af4157002b89f360ae44ac725033bfb1774bf627811b699f9ba5c7070075e2864e26f9d8a7a9a3b3a30d3234f783c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
427faee74b819afc0007389032910d8f

SHA1
1b4f738bf6a5ff26912492f02aa9e6c5f6c29779

SHA256
3ad70f4da687995a5162e9aaa5520af67756f173468ab7316e7889d487db8837

SHA512
2813f0f91360ec86634617743afcd9bfd804bf5b338a4f9cafdff553b8a7a291d5975061da1fbc21df06ba8cfa110a654f4a23a388ba3b16514126b5eb3c501c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cb6d5d316430665d67c089fa6e9bd46e

SHA1
0bd4ab915477a1e71dc9840eee4b698e9a0b2f73

SHA256
a48dc2947a3546fab808c84cc98faffd6ff9c02333ad477f7cc0398e89fb3d90

SHA512
cc3d937b5595e9c54e203a568ac1ddbfc1d5b37381a4964ac6235cde0671b2275d998d2d9d23591f6f05b5bfc98336ab99ab8c530279c188732ea724b2163d83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
921bbab6a6ba0ad7192259f9117e2bf3

SHA1
98a0b31b6f936d69bfba8b9a1e9048276f95dbb6

SHA256
e7469afc2dcfecff0126f2b5600b38fb5a7a102f87494430103d821d3e3d7bdd

SHA512
40d43deff545dc2d447f6930481203354c4eb5f5e366cda16c6491ed19f5d58d8a6d9bd0b47366bbc881590a3eaf791fe24061fe874d4c1a16804eec57b82843

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7ec09c7cbd7cb0b8a777b3a9e2a1892e

SHA1
3b07979e57b6c93be7d5a6cd8fa954dee91bd8dd

SHA256
a623633f34a241b0dbc9fd26f34446d716955f94e90b2ff9ac8b9df801bdae5e

SHA512
5fff0a38a3b6e4b29d402eef2650011e4d9df514e0624767c84ea31cb73cbba10c7e0b5711cb487976d637f0f60a85c431cf0db54b519411245684c116c07b7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ed659b1d7a51e558246bd24f62fff931

SHA1
84685d6f04379c290e4261ff04e9e1879d54d42c

SHA256
23fafd9073812d5ff8b523b84bc981e4cb410bebbf3675db2b29cfac0dae9690

SHA512
1c3203328583241895db9fb165fcfd595f642e218ee3a453ab6873cbac10ddab693cd2f913bab15c8bb7b5a12c5768b3dfcb278aad754dec1fbffe66b81843cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b909e86c5bc6b521bf0abc6436c4920e

SHA1
931ccd31b38703fa8de309c3b65317ab4d8dd2eb

SHA256
8edad7d9e62152e61641da2fb1392d8a7902ebe68a309967cd2be7799ae01b13

SHA512
0f58a1e7ef9cb698a7d9101854e53c3b00dc69c59c9dbcb07f24e8092fdd16902ca8d89d3e0cbf55d9307942da44003188318f9d692fc476b1bb5bff1bf5431c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b58fa.TMP

Filesize
48B

MD5
33703b6832ec5fe7a5aa7abe7ce56923

SHA1
93dd3dfb34a76edc9904ba214cabbb1a50f075a5

SHA256
af8534de115ec1e767da8ee8780476a41b9c182f5135ba21e4039e3cb6b8cd48

SHA512
9584f92bea02ee7b0eff8da874a569728536977c4b4729f9212387782b46e52c98a7c035dc4172056c12abefc233d73eab2058e3a64b25b1dfdf223481333b83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0ea68d2aaab3427de424bdd24b214405

SHA1
55fef2cf070d7a86f99646c93baced298b07e146

SHA256
8688bb167a00da11e115909dc288ef4450f218f6c3691a4eeeb3c2eef39c882f

SHA512
ab315ada5c78f2f6d50507b9f26c82ecb6af5e1055dfe867cdc32b640629c6b8b395377664de47b085a540b44fd7555229b1981373de033d30b0917677452f86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b1ea0.TMP

Filesize
1KB

MD5
fbc0591e7dfd3a21a04457fe9aef43e6

SHA1
779b1a3d4608838611875dcdaa01f9f0f199153e

SHA256
f1711f312bb94f6b9ce982f8d6a17b82e9384b729799c569a3cf1d7f0d38f21b

SHA512
82a68a6db4428ed2473969a59940f4c0f419f1711581b564b03c84f016f577eb7ad2d7e8ab2cd733e9504af6b99949b566976176c1db09ede52ca4dcb50f4f56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4f38b6c458deee5bead0e30e76d7eaf8

SHA1
355658bf48e38cfb3ed455bbb870d1ff3a3037f3

SHA256
19f2e0758798a7648719c42628bdc2f33e35c4f0b8ff0cd5732728091f0558a2

SHA512
37cc829b3ffb2552b5f32234cf61c587eb1c67a85840c8f2021764ecee879a7909fa9de9e49f779c6dfb1ad4d15a08f8b33aa1d24d11d6ff738f79fbeb67e2c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
203d4b8c394a67bb67a8b64c37d3ee64

SHA1
e22e6b41c45aa6ca9102e22ec7a8913568dca5ee

SHA256
68479f17290e05c1c45d0b5425f394842b6c9e3a551e390d62fbb5844ed55b06

SHA512
212c78bd00aa22865c9d7358d2b9a346e2af1f70f259d540b689bb827ba80e08d16ce86290d9dfcab3b4a3dedd371a503b50c65a791cb63090003bb5b92d1c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9037e18d5bf0cd7737f66a6a64279151

SHA1
320fbaab54bdb2e1ec9ed798390e214c159901e6

SHA256
385bcdb89c2e4d94beb36862666ef981dd88483c15279b56a8105955cd4593be

SHA512
a3689a4aebb77d49b58da2fa80b691413b895ad0d4c1c7eb1095b2d9e1927e57a29a8eee64837f267704457c2d3df9f54f0fd4ca0e5335c94299b915e57887b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
69d338abfe1befdf6c8814e172083e4c

SHA1
f20ea2f212b5570e373043c8602ce8ec903e53e4

SHA256
9098629d90bf5aa8cd5df29fcf7f5d961e0e6d941a7696e66b10de160f1ce0cb

SHA512
2112995b419f4b8840a257a990270009a1ffc4826f20bdfeb6e40d32065444c7dfcc621b388f97084998ccec35107334071fdd022a0c5e582642b3fd1dc27ac7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
c2d2f37ee453b9fc32b3833f3d98b2f6

SHA1
40fda0f79ea14fc6bd40cc027c0a0e6239e05d98

SHA256
51126becb362ec3c17e5027987d8871447927f86ae5dfa37c568fc539a0abb87

SHA512
44a78af2ba47cb01401d4f0afdb1b44d9c2d870861d987bdc4e9eb2e59ace1be501097debe2453977fde5e1042c154a5e0bf1ca14df9c5c288e16853613f82ca

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
fc9f22c9b66154ef6bedc7a62d88e554

SHA1
f54a0b9204583a5b96dcbef4c86646f60a9ec453

SHA256
b57c0ea69eb2c648ebd62d61c7c45adc7bd56353026ece52118299783f3da865

SHA512
e40bbff75fa897ff30d9632a6d3b189c72571eaf5566106634335c227a32e9f1eccde07c905f9226a67c214830a6029516e4d29572cbf1ebf5782ffa87c17bd4

Download Submit