hxxps://drive[.]google[.]com/file/d/1Ttlb0zvZenLDgTCc5RvtVHv8YvIegVli/view

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
01-01-2025 20:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1Ttlb0zvZenLDgTCc5RvtVHv8YvIegVli/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
10	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4064	msedge.exe
4064	msedge.exe
4816	msedge.exe
4816	msedge.exe
2492	identity_helper.exe
2492	identity_helper.exe
2112	msedge.exe
2112	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
1708	msedge.exe
1708	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4816 wrote to memory of 2004	4816	msedge.exe	83
PID 4816 wrote to memory of 2004	4816	msedge.exe	83
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 116	4816	msedge.exe	84
PID 4816 wrote to memory of 4064	4816	msedge.exe	85
PID 4816 wrote to memory of 4064	4816	msedge.exe	85
PID 4816 wrote to memory of 4100	4816	msedge.exe	86
PID 4816 wrote to memory of 4100	4816	msedge.exe	86
PID 4816 wrote to memory of 4100	4816	msedge.exe	86
PID 4816 wrote to memory of 4100	4816	msedge.exe	86
PID 4816 wrote to memory of 4100	4816	msedge.exe	86
PID 4816 wrote to memory of 4100	4816	msedge.exe	86
PID 4816 wrote to memory of 4100	4816	msedge.exe	86
PID 4816 wrote to memory of 4100	4816	msedge.exe	86
PID 4816 wrote to memory of 4100	4816	msedge.exe	86
PID 4816 wrote to memory of 4100	4816	msedge.exe	86
PID 4816 wrote to memory of 4100	4816	msedge.exe	86
PID 4816 wrote to memory of 4100	4816	msedge.exe	86
PID 4816 wrote to memory of 4100	4816	msedge.exe	86
PID 4816 wrote to memory of 4100	4816	msedge.exe	86
PID 4816 wrote to memory of 4100	4816	msedge.exe	86
PID 4816 wrote to memory of 4100	4816	msedge.exe	86
PID 4816 wrote to memory of 4100	4816	msedge.exe	86
PID 4816 wrote to memory of 4100	4816	msedge.exe	86
PID 4816 wrote to memory of 4100	4816	msedge.exe	86
PID 4816 wrote to memory of 4100	4816	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1Ttlb0zvZenLDgTCc5RvtVHv8YvIegVli/view
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff27a446f8,0x7fff27a44708,0x7fff27a44718
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1864 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,4438943892907403077,18080963124871025048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault070d224ehba11h4a79h8536hf466340bf87f
1⤵
PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff27a446f8,0x7fff27a44708,0x7fff27a44718
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,13682334869436791046,16887859440258205372,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,13682334869436791046,16887859440258205372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5796

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a1f722e9f4c2dbf474ae07e72112947c

SHA1
99a1a9eaab3d3bab5a800dc1e5ef141aaa48e847

SHA256
eaf4006a4d21d0787b2c4fc4f41af05e55851ccc91356f19c930a00387a27e0d

SHA512
477e63eaca418b9c67bac0c4c22b8ac321530727b84a7d8488487cfc65e12191d170f4053b51a7d4c7c1341386cec603416747bc0319f5439ad81b1723e0d3ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
47KB

MD5
9f96d459817e54de2e5c9733a9bbb010

SHA1
afbadc759b65670865c10b31b34ca3c3e000cd31

SHA256
51b37ee622ba3e2210a8175ecd99d26d3a3a9e991368d0efbb705f21ff9ac609

SHA512
aa2514018ef2e39ebde92125f5cc6fb7f778f2ab3c35d4ec3a075578fda41a76dbd7239fe2ea61533fb3262c04739c6500d1497c006f511aa3142bb2696d2307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
26KB

MD5
5dea626a3a08cc0f2676427e427eb467

SHA1
ad21ac31d0bbdee76eb909484277421630ea2dbd

SHA256
b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6

SHA512
118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8efa45320b24bc6615c0ab6f43fb6da8

SHA1
78c136f1926c7ed21b89c1ef2a5ca50f86d3298e

SHA256
2e5f2fe5e3692574a782a4202482cdec6472ba46e34bbdd7d2937b835c4ab075

SHA512
95f753864a81beb9446725e5a2f77f7c43b20cfbaa959066645d36141a058efb042b24061a27e40a5e8fcedfe963000d09692fb4fab56d6da663098529beecd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6b07130ce3346988dec9108ed454e1b8

SHA1
a2528d7b6692219dd4af1a13e2796cf1e272ff4a

SHA256
d3e514c4cce635e7479d3231ec8c089197cd0cacb3cd70050266ce3a7646bfcb

SHA512
9b3f17b11a93ea67f8486cbc7f0bae7b7fb73efbdd9fc3f0cc775d9b6586cf9b72a8782d5a825a2c273bfeece43d9128ea149993234450a34494c49439293f3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7801ce1aaf312e530c3151c15c9c97f8

SHA1
e469ee83369d5bc6e156261fe5781ca74a44adec

SHA256
c0d819d67adbd3038ce145a0370b9c751f1ffbded643cdd0cf20da56bb67fccc

SHA512
b9ca8467204c92c68832a40b22d72d0721bd9301bce0e3ae4f26a4477375cc9825f024fe6b232269cea6af73b3f0e6da525fbc82ed15051f297f2f226228d152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
c0547bc3bfc36b70e8a2e280e1d385fe

SHA1
2bb84630c6eee2ec5177860c65dec28b8e529947

SHA256
6556b66e79003deb80fa896dcdea623267783877b34f612f7e122f49b225e7cb

SHA512
126db5c96c1b4cc58f1e62a886d2c3fe49f7c8d878fe11d309243c4daa728124d232d08434694f76d00a8d766399523abf04ef2a1b34c8bf20a54e8c88cc5793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a4314698a532449bf68f63c5120d9c2e

SHA1
bb675a3b21ce3f1990ce843b683895dbc7d03162

SHA256
7e0a38144359ff69f8856cf920923a3ea335a2ef9c5a1978515b60c7ec32601e

SHA512
81e83c2787a645d273071cb83d51ccefe8f7dcbbc9b95d95b65c726ff8087d32b4de838f8634605bd6c6b9415eb28f0f765d897178433cff4e0296fb1fa2cf07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
59104db34dd2fc6eedd97fb2d830e855

SHA1
09866eef3c60d50ea810d4d64f17bbb9f6f16632

SHA256
b034f12c7f061d34683b103f8a9344001514aa2f8ab6927167a73d06c4774352

SHA512
9954c6e36228f10618c9afd0a9426ec9cc37b8ed0ccb6b2d9b0ad32eb24975e5d83e6a5454b94daecb92d87a3736181dec00e73e4404198b77ff5a70164f5f9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ebdf029aec5991812b8b79c579bc142b

SHA1
317244557bf5781e83d6c7a9c986e3b0eb86b913

SHA256
f72bce54e820b8d931c9efb2fd8a3e3d20b5ab8d9774d37de202dd5cd5fc801a

SHA512
de30495d80851a30ee4f06a328c9cb1f1dababb45d809d5083f259e29c810c4b741e4db6e2e9ba6ad3e7643d36981ddbe34c2a9f445f485ff9fdc69cb0c6b5bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aa648ff172286acc0a8ca5178ead8c8d

SHA1
898f1059175127179cf2774b1a82b953dc8c61ef

SHA256
eef9f8e523a08996598ef5758248d62e013f70fe0e43de8dba08063504d1d74f

SHA512
916689012659c36733fd1a99d08243f8a88692ae2e1a0cd3892fc9a608d8fd53f7a7b01d7895ecc2bfebf7f4c7b87a504e692bbd693753a1653192a2dc489d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b346b1c40c1086cb2862bc067c1486d2

SHA1
99092a630360ff396a5f523bacb5654f216cfc7a

SHA256
a648b6b73165713a0d2ab27e8696523e1c8513337f94f8f76d3da80c0d47ef25

SHA512
90ee07812bdbbdd7406e54d7a65e9cc2e5a2c9bd76f811459cac1c54ce88fda41d254261d629ef3ae83ce1dbca68f6381af46e50e90cdf6af3308f532b783cfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5e4223236cf1788ab3d46c7ec653423a

SHA1
3c3c1992be10f30e7952db256584221550f8ee96

SHA256
b78dd15e7586a8305eaacbaec700e8b042c2c92f0edecf882c6ca0fe369b62c5

SHA512
995cc8ff41483b89e023d0cc7c9b7e0e6a988fc242d7d322a7e21afc411229b991ca51d9fe4bbe895312abe9977f5e8751642b93144a4dbe745df0f91b4a97a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f83b3d3b2b9362c4463a758bcc9274a6

SHA1
2e543a5a2e5039aea771c902349af6bd04f732d7

SHA256
f5047b031384283d10828f98f7a10757136136b97af82c24d6bcbf7f0fb309d8

SHA512
a00e6194c7e59a747443d54bd266999323d9634cfa32962ee82eb7b0c687c2ae52d7ae8926d0147f6be5dfe8bd150b67398a474d10c272fdd6063d5e7ab95ad8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2b75948986b8dee4fbb9c323e3c34fca

SHA1
b4f0376bf3b56828c660954c59db8128c46fd54c

SHA256
1b6312b95ca2971d25693801c75a5aa59080d9679894128d160c30f9613e96eb

SHA512
cb32bb90eee1770b165a858c2de4b92fa6490d5ad1dabdd8e20a0fbb04fb07a3fbafdd545b2db9b9092c803f5c791db84f26f0291fd4d0de467e3bc53032d7a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fef2352e8041b3494e0c65e77b1424fe

SHA1
bf88eea74ba86df78f8d715a8b5db87e8fc43568

SHA256
1690173503d06b77b973f8fb466a2054fb580b3ac89d4d3ecc92d29eb36b8a99

SHA512
8a5e525126f5d3d9502fe53ea1dc0859dd3d17c843f3ad83a851a48f907242382eac278cdbb8a0502b3c4f0948e1a4bc406f96047568505fe6fdf5a67d00e1d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b345ab317776eea4548b858bac9619f9

SHA1
e62428cc56d94c3d4d0811d31b69a956e7ef256a

SHA256
26bb1dd6f2527555afa453b1319fefe92acbebd10a99b784e5676e8c05b0d80b

SHA512
c49b4d30ccf6edd2bda24b2fc85689b07475982f8758deeebdf05606474c5bf4aa2d059e0c324666a646c4df3854822ed9fe5fdf73a9448d5908aa2a485306d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
143330621f3c202e3b33cc169ab96d42

SHA1
2c58872412c4eb702e8377630d825b0789336bb2

SHA256
60aa0cc2158d4fe4bfdf4f2fa6addcbb18fd55f53849bae10b7561295a5725d5

SHA512
7ffc442deb58265a4e16f4b8d993443cd96c673cf36c67f00f77c9487e971febb36f36d75a07cebf1d98e5a137a6903acf4ec0c1d7f205a5b4927354b75abf8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c8825b0c7a45933ed9ee99c75985baa9

SHA1
f8033df5c7f193ac6ace869878c23ab3af0d15c1

SHA256
212c7a652644805ff60db0475f6138350dae39da7b9126a26460f59d311567a2

SHA512
fd080f0b8ae5d77a04d1c9587d8f1b9d8fd1a6a4114f70c6f4a8f3d1b001e93743c21a1f08c9f75f3450b8ccda8ca11ef29d55b122a30f9e7a25d8c8e6ef59c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
781d375dc9e81b015ed6371a9ebbeb6d

SHA1
fa57ec71974efca4e97b87ede5052148e58860b1

SHA256
4e1f12c2cc7ee05f84a802f11e8a27524fffaad60f8b1cc51c0e45d086c99b08

SHA512
2352eeea26396e13cd978840800536f51124dfee828eccdd7884df527f0828449137bcf712c45f5cd63a203fb493357d299903094b06cbaff147d4fe983563bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582d93.TMP

Filesize
1KB

MD5
8fe1c9788370451771a804fd99d2d599

SHA1
3f9a26ea36fbb333dcaef823587225a4731cfab5

SHA256
e0a29a8cb18223a05d99f5eaac396037865195a74db080eb03e92cefbdfde723

SHA512
b258ec08b45e6b0829ac00646669710bd38fd014a066cc0fe8644486fb8e25277e7ecd34ec12074b6d0ddbb27c39194aeae720adf292df5c0753d436fbdc139d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a7db4e0d44706ba98212a1debd38d1a4

SHA1
8141b18f6e2348ed6767e0b076808897cfd095d9

SHA256
9385e26f470c206b1c7809fd196706aeb58e129f7ce180ff1dbd32c672c7b908

SHA512
ed9767708325084990e25510c77ec401ee9dd283f106600d254a9dd475c21dd09c6cde559bd0fbea248c0c2bb7914def1917ad2ef77f7bffffbcd0cf91042d82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c6a1afc7e9807cef294f69f16bd21507

SHA1
3f7078dfff987d97b88840b403bbdf5eb975e84b

SHA256
bb55ca3e01ac6cc77d74b074777a7b3adab1f36a74db72dcca99e72a9a0e10ff

SHA512
2ea825d7ea9f8583fc44309800c084a209f280c2cb66e8ae855a0984d42be1dd596603ddd8c272199aadba6441ac1af5b9e3286492727e7790946e840df73ccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3edae617b6a250d4b9accf9519531432

SHA1
b23a93f7161e0c1d0ae83c5353ea8367d26f5afa

SHA256
61870980ffcd05708bc5f9fb18bfdba61f7301c683cf04eb96eeb71ab8052eb1

SHA512
a7a38420c8f78d44131b286fff85c47614ffe7e1e279848cea180c4fd29afd60f711e82669c5214f84198a9deaa89fe1e76db430eae2d8f54a833914c3abcf4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5606c67410263712bf906f983dd2a24a

SHA1
eef59843ebe2dc1b836188fd1ebf8e9e62790830

SHA256
8e0b48b46567a47b448c87574dbc01c024bbbb7f175f9d9cde97269b29406c06

SHA512
7b37ede312df647efd49b0e5778008b70a2c379a391708523f4297661acac6096f2057fc6b813535aee1ce2355d23188c414d01b49b80ac5ec260652f2b89a6d

Download Submit