hxxp://drive[.]google[.]com/file/d/1n31U7kqUouPeTKMcNq09eC1XgGUEP4gc/view?usp+drivesdk

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-01-2025 21:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://drive.google.com/file/d/1n31U7kqUouPeTKMcNq09eC1XgGUEP4gc/view?usp+drivesdk

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
23	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
4260	msedge.exe
4260	msedge.exe
4780	identity_helper.exe
4780	identity_helper.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	468	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	468	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4260 wrote to memory of 1512	4260	msedge.exe	82
PID 4260 wrote to memory of 1512	4260	msedge.exe	82
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 3484	4260	msedge.exe	83
PID 4260 wrote to memory of 4920	4260	msedge.exe	84
PID 4260 wrote to memory of 4920	4260	msedge.exe	84
PID 4260 wrote to memory of 3020	4260	msedge.exe	85
PID 4260 wrote to memory of 3020	4260	msedge.exe	85
PID 4260 wrote to memory of 3020	4260	msedge.exe	85
PID 4260 wrote to memory of 3020	4260	msedge.exe	85
PID 4260 wrote to memory of 3020	4260	msedge.exe	85
PID 4260 wrote to memory of 3020	4260	msedge.exe	85
PID 4260 wrote to memory of 3020	4260	msedge.exe	85
PID 4260 wrote to memory of 3020	4260	msedge.exe	85
PID 4260 wrote to memory of 3020	4260	msedge.exe	85
PID 4260 wrote to memory of 3020	4260	msedge.exe	85
PID 4260 wrote to memory of 3020	4260	msedge.exe	85
PID 4260 wrote to memory of 3020	4260	msedge.exe	85
PID 4260 wrote to memory of 3020	4260	msedge.exe	85
PID 4260 wrote to memory of 3020	4260	msedge.exe	85
PID 4260 wrote to memory of 3020	4260	msedge.exe	85
PID 4260 wrote to memory of 3020	4260	msedge.exe	85
PID 4260 wrote to memory of 3020	4260	msedge.exe	85
PID 4260 wrote to memory of 3020	4260	msedge.exe	85
PID 4260 wrote to memory of 3020	4260	msedge.exe	85
PID 4260 wrote to memory of 3020	4260	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://drive.google.com/file/d/1n31U7kqUouPeTKMcNq09eC1XgGUEP4gc/view?usp+drivesdk
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd55e46f8,0x7ffcd55e4708,0x7ffcd55e4718
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=904 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3440 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5336941097252316312,10764157460112264090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
  2⤵
  PID:3832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4504

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x49c 0x458
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
48KB

MD5
76ddc8975051661ddcd2b39a3d313787

SHA1
4356ffbe94ebe23f0a1f02d784110cf40cf85d71

SHA256
50d5ee3a555060f197e1a930e9b9e7b050dbc18b522f66ffd1aebe1b8d011649

SHA512
dbfdafb8976a435f3330d701610c0e62f7ca4fabad54f66759fed1461bf39fa178463590982d8dc2887d18cfb67c2e2ffe65547c4bf233fe28fef226ee2d41c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
26KB

MD5
5dea626a3a08cc0f2676427e427eb467

SHA1
ad21ac31d0bbdee76eb909484277421630ea2dbd

SHA256
b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6

SHA512
118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
255KB

MD5
96ca1ef558dcdf11da8e8450aa7f4ef7

SHA1
179d8fb6dc882a7afd36c889aa6fa64fe11cf9fe

SHA256
f99fe1adcda4af1759a94152a9b7a5302b4a352ceb47f357ac15a7702c9495b6

SHA512
7cee6f8d2d60d9c4f48357d59bbf78fa0799d4ce0014b88a834fae71e8418269ebf0e9298d3796d89a1ee8785024ad0c210a40772f420641d4ade74e4b40c2d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
1024KB

MD5
bb48719c10eb7f935dda5524d54ae5ef

SHA1
4c836b2fca79d932ae11a848a593a6174e5dd2a6

SHA256
a20ffa8b90940a6abef70707ef8645c2f38b6a2cd1716a018ddc140756cf31bd

SHA512
2cae04db3ad7e85ddb4f05deea05d84cc4c241373c871e877509f4f7fc519b91e36e51230544af3b5fafb97c2b106fc6db00f30e3e511356f431a79f139f71a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
1024KB

MD5
19aa8b549e1d507b1d4e0e4e5aa69858

SHA1
e4b4c8e8827895de607ba33ba2f789a89f6be7cf

SHA256
eeda3696b6781b6030c890f022f0bb63d58ed9fee40255c08c068ddfe9dbc6c4

SHA512
415d5eb3eae5c20a49f09b2f0ea1b5cebde68701ac4963adb333fddcb27ccb9fe26978515a3ffb50b93e04385ab88e8a3b4a1a3a9d03d0cb2bd074135acd765b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

Filesize
58KB

MD5
6b13659b1d78668816c9ea8f91afdb05

SHA1
7efd61adb8ad2df8d6809191c6202fb469827c8e

SHA256
55ecd714349ce139a04b57940f142293d185d7d1f6ae9382b34963551e848b15

SHA512
3062f42117b03dfba862f0a4c30a8b9cb8f154c6ed3397823e680620bccff844782666156d6a336d26c8f4683d30e4255fa01f440a20e85545b058afdde04c2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

Filesize
41KB

MD5
3bc2b6052ff1b9feff010ae9d919c002

SHA1
dd7da7b896641e71dca655640357522f8112c078

SHA256
483a3494759a05772019e091d3d8e5dc429d098c30007d430639926c3ffa16e5

SHA512
0b1632b73fd87e8e634922b730f83b7950e9a39697a46a3429f0bebb3f1ebd14c815a4651ee8f663a437d00ecbeb6ddaa47b2fcad719777edf1b1de8a7cad0f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

Filesize
116KB

MD5
5a9cae93e6705327d54e0d29697b291a

SHA1
f651658b0ab6d77e77e0580de2ce051e5bfa04fb

SHA256
268e0e8b8e8aa4eea8893250fc324d32a4002861fca87dc0933ec5653a1a1289

SHA512
3ec20f4e1f6dd15c27729e5965ffc2c115855a61719196d72e85e8846d4de9052fc571e8c500fb6653dd2e13e2620c9abecd2e16f806b797e01d874f9bdb5939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c13363d75c2525a3fe12ddd67c3d8a69

SHA1
b70ddfd194923fbb915932873b966cdc5f140edc

SHA256
580dd6ea33efa6803edfbd3de4bdb864106bb329034d361216d2baa7f69d43a3

SHA512
00def336b91198849cec3b69d7fc6fd9b11c1f8dba5ab94fca6bbbf0247cf4b4fea8e28ab6aaf24e76545ea952ed4c665857560e2bc1de528fc85ac032953d4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1a5264c6f59c5587e5feebebd9a3f295

SHA1
e4963dfc91adc636377c73bd2ba95d686d83d07d

SHA256
84a4754f10553b609c114e7eb6a1b04cd71e6659b6a3856a022907506123df77

SHA512
9b2dfd1ad1d07a99472621d1ba1fb7dcea20a679c471cbcf2ce42aacbfebb626b98c30a1d273148e0120952546abeffc12a05d9059700560abc8ae1b43be302b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
528b94150f2c315b946636aa91a50ca5

SHA1
7cb123d608dd206561a2b1022b376fda67f5aaf6

SHA256
e6befe46ed84adb12e3525077cbf5011d0dd8e75647e8a22d06673bc7fe22bf0

SHA512
8a9c66aa49651b74fc409d71d326d13988800ffc69130c7cc82425203b57df866025f3debe16dc2a44f743fcd10c2e4ad5d74b3c04b17c38ea830e711c4d3524

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3882e8941842c0291a960c2358d6466c

SHA1
63f66b36e026b8c80b74610fc61239ee3d25d22e

SHA256
5bc921e519842e7bf41ba3b7bd66bea20cbc5bc5a58fc8af7284c07e6649b58a

SHA512
bb1510834c6a9e6c4d7a5de3371499adea26bb0dade3446e6109ca2dbd13511c443ebcddf321bfcbb4176c84a6141ab734311c1e999464b51b6163f7615b67c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
85d536bfaae46b7aa9d2bb155c456e31

SHA1
f92fb244078a5780e3292ced3499321fac0b38aa

SHA256
1c873886ee19c53dddf5d618cb168a026e165ee2bc7b9e8e8ab9753f4c28f9f8

SHA512
6dc51b8ade90480d351c9e03baa7d32ece856299821de765a0b1aff3cd192304d7142d6a40d268cf698634b03d2c0292c4f10ff8427ceecef311c8a735b09488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3b9a74707336c38010011fc2eeb36b8c

SHA1
a5af1f35ff4ea10c728284d9acb627299b062200

SHA256
0b9a6b41046b1213c6ba5b5227932e5106ce5e83f29070f4a2379acf208e2f83

SHA512
9a9f80f15794276e21f5a25958cf9afdda200d219c039ebd79d795aa8ee41464f0a3bf562866b9084bc9e65ad985f1d9e5e2adb25980e897fd64715c991a04af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
50f19b09e36375e2a843abe81b6da2cf

SHA1
496a2d39c2039a297c82c2c9a2fb461cf0a391b8

SHA256
cd54bb5fc92652cb73fea6b330a2cfdd62ffec5f9bb3e8bd37327776a222b967

SHA512
d93988b30c717fbff87c50a415630eafc38f76964838bed7597f67c89badf274baed1bc2b236b6e69319a57224253aa0fd7b04da0cb5f8988cfe007129efc9fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ce2c0c65ab56aa1e5b2e08904e8ede1

SHA1
4f0096117c2febcc02a0e92c38f2c1f753445847

SHA256
d9a06fa89a410575daa61c08d575135851ef6a87568a331537db32d60c08ca10

SHA512
7d04b952c72826d0a1ac82ae8c2e039dcaf777d10da0fcf4693431ec60ea92cb0a3e4878652bd0c8fc89770da238824c8256fc2c8457358e0857d62957713ec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
51ec4297a5ec7bcfd26ff4fe68c4ddb3

SHA1
419a314ce7610ab368e1ce7fbfdadcd262eef5ab

SHA256
4004e23de2955cb3844c334017c10a12998b0ab65589e28014b0dac7f23d1ffc

SHA512
ae1d5719fd86677cc6501641e37b53943133616b7d9753a21b8a8abadc879fcc8c4dc812c0d50fbda442245e1a77ba61c7f820b3b48fe5422031a6c288962bde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
689cac7ae6b26326236377a114b56bb8

SHA1
cb8f3d2614b0a13c13f2dd2ca15fbb67ad0c66c1

SHA256
be09e1ac2f18ea0e8e9c1da1bd1cccb9a120210ab7dfbefb3b7ea6e962f8296f

SHA512
44e798643b69e894822bf72e1a35dc21941d6cb8559eee4688afcf671846110f27540c91ec9248da8345592a95f3d7fd88081fa1b3b1f3a38748685e50f2d553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d28c826634f336073a663adb9e838d4a

SHA1
29eba7320b731d18db58bc86e12eb8e7248de465

SHA256
adcfa8757450126fa6941cb9eb1e8b9f5c54e89fe81883e7dc331cddba87901b

SHA512
a0998a7b15b4f8637858950b5fcb611a3c8abe5fb9ffabc631496c6f51f3bac060ec00120d2423f1195c2d24e195f099183606080f1f158869777d0011098481

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4e298b0474159d37f8855bc4196d338a

SHA1
bdd7ad74b059af6a988b1c2eed9c642472d1cdac

SHA256
7d39684503106d857f713c04cacfb030492a9539db8a9248c87fec25d0ba4f5b

SHA512
1fa5b4feae2bffe958ffd5bad8a79bb3242255b5dece2839912114289dfb03fe7c2d22ac6fc43829ae6237faf537f32f65ba4db113f230f99ab8767703cd3e25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
054ea7e3353acf2182c6da701ad92bea

SHA1
1581da518c27f647ec31770002d04b299ac37d35

SHA256
1166f84afec49c5a16eaaff78984197180b28e3807875855a11c688486d05946

SHA512
74e441d7092e9d9bd32fca92c350d5cd7cb6bb5ce8d77c69171570c50f8f3869c9d1897b06eeedd9b3d057ddddba8f56c87b11b74fb10f2245af5a0feb48be55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
63d5341798625af2b328628c8579b402

SHA1
86c2227c6ad199a11e25bde58e9004e59da3d49c

SHA256
7c329ea4a022d00330699863a2c1f331ce4b8360f011d128c7222c5eb4f73494

SHA512
628894fd71c26e77d7963d0d7ae8871f2378cac8d366204b84faaa28dd8e8ce5d04f58ae4243f70cf25484be7252b5184a263c3e36d3c11f032845e299b31433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59163d.TMP

Filesize
204B

MD5
8a53e94cf37bb55852a5bb27a84df485

SHA1
ea719c060b75ce8541c7d8803b0456e2a8d63eb3

SHA256
e7ed9a76c09aaf63754e3e6fb3cc20cdd989b4434126dc1bfc422fafa4d76de4

SHA512
0beb63ec08ffe418b7de5f75cdea46d0abd92c27eaa84adc8089e47b5f41d57aec22b5237a8d27c425e701403b89cd420ebadace8089069d9542c44d67b8093d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d0eee156dbc6926de29a8d6c7c3487f1

SHA1
bb15de6612e7bc2efba342282b6317f9b0162a1f

SHA256
bce15360afe98aff0371de75e4a2544d5e1f430f97cef6642c2ae23a80f040fc

SHA512
60e224f6c74def44b697d0db8e3d8fee87d243d69693081998817db188deeda98f3a7729c512f811b9b8ce900a307ec3acb6f7ed4c439a9504f0580a9212e29e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
abef4a59714e746bda1ce6047c963169

SHA1
0f9ee034c39495e64b0aa39d32f29c9a434124f4

SHA256
8c323d2932bd426ccaf09f9d4770376bf3dbae22883a5c4efc5f1e3c0fad26d6

SHA512
94de21189eda868cd90839b90c2994e64380d3dc452f25e6fff271169f57d371ed96b45a57dd4b97b021ce7648d7ceb38a715d257372465c5d8a143f41f51266

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
66bb4f4a6300f2fd6bd21ca67b828e4d

SHA1
695b35fdfb7acc76dfb1feffa89cc86c35b2ac47

SHA256
8af7a5d37151967a3f5240f591bb1f4ef80874a2cafb9e78bc20cd8c2bf30ea0

SHA512
02fd5f9e28621060485f244a59356fef2f70a176bd5236bd2487e7c58053f2e6af066a99a533d33a611cc443488c0c513283406ad6c3b516ddb4dd6ba54bb665

Download Submit