hxxps://cdn[.]discordapp[.]com/attachments/1267410065145593918/1267412602447990826/setup[.]zip?ex=66a8b177&is=66a75ff7&hm=25889dd9dddcffc74a9bfa5301612c6e4360f1a057c5e7506ad1fb4a2463f0c4&

max time kernel
960s
max time network
996s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
11/03/2025, 15:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1267410065145593918/1267412602447990826/setup.zip?ex=66a8b177&is=66a75ff7&hm=25889dd9dddcffc74a9bfa5301612c6e4360f1a057c5e7506ad1fb4a2463f0c4&

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1548	msedge.exe
1548	msedge.exe
4856	msedge.exe
4856	msedge.exe
1156	msedge.exe
1156	msedge.exe
3496	identity_helper.exe
3496	identity_helper.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4576	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4576	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4856 wrote to memory of 3456	4856	msedge.exe	82
PID 4856 wrote to memory of 3456	4856	msedge.exe	82
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1848	4856	msedge.exe	83
PID 4856 wrote to memory of 1548	4856	msedge.exe	84
PID 4856 wrote to memory of 1548	4856	msedge.exe	84
PID 4856 wrote to memory of 4024	4856	msedge.exe	85
PID 4856 wrote to memory of 4024	4856	msedge.exe	85
PID 4856 wrote to memory of 4024	4856	msedge.exe	85
PID 4856 wrote to memory of 4024	4856	msedge.exe	85
PID 4856 wrote to memory of 4024	4856	msedge.exe	85
PID 4856 wrote to memory of 4024	4856	msedge.exe	85
PID 4856 wrote to memory of 4024	4856	msedge.exe	85
PID 4856 wrote to memory of 4024	4856	msedge.exe	85
PID 4856 wrote to memory of 4024	4856	msedge.exe	85
PID 4856 wrote to memory of 4024	4856	msedge.exe	85
PID 4856 wrote to memory of 4024	4856	msedge.exe	85
PID 4856 wrote to memory of 4024	4856	msedge.exe	85
PID 4856 wrote to memory of 4024	4856	msedge.exe	85
PID 4856 wrote to memory of 4024	4856	msedge.exe	85
PID 4856 wrote to memory of 4024	4856	msedge.exe	85
PID 4856 wrote to memory of 4024	4856	msedge.exe	85
PID 4856 wrote to memory of 4024	4856	msedge.exe	85
PID 4856 wrote to memory of 4024	4856	msedge.exe	85
PID 4856 wrote to memory of 4024	4856	msedge.exe	85
PID 4856 wrote to memory of 4024	4856	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://cdn.discordapp.com/attachments/1267410065145593918/1267412602447990826/setup.zip?ex=66a8b177&is=66a75ff7&hm=25889dd9dddcffc74a9bfa5301612c6e4360f1a057c5e7506ad1fb4a2463f0c4&
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff982133cb8,0x7ff982133cc8,0x7ff982133cd8
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,11526430026010582276,14395165286649199525,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,11526430026010582276,14395165286649199525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,11526430026010582276,14395165286649199525,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11526430026010582276,14395165286649199525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11526430026010582276,14395165286649199525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11526430026010582276,14395165286649199525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11526430026010582276,14395165286649199525,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11526430026010582276,14395165286649199525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11526430026010582276,14395165286649199525,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1952,11526430026010582276,14395165286649199525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,11526430026010582276,14395165286649199525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,11526430026010582276,14395165286649199525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11526430026010582276,14395165286649199525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11526430026010582276,14395165286649199525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11526430026010582276,14395165286649199525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11526430026010582276,14395165286649199525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11526430026010582276,14395165286649199525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1952,11526430026010582276,14395165286649199525,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6152 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11526430026010582276,14395165286649199525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2656 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11526430026010582276,14395165286649199525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11526430026010582276,14395165286649199525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11526430026010582276,14395165286649199525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11526430026010582276,14395165286649199525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,11526430026010582276,14395165286649199525,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4984 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11526430026010582276,14395165286649199525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4252

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4576

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e8baaf6c583536c9e6327e9d4fddb4cc

SHA1
0c1436d1a870038a6cb0195704658ef59ef78906

SHA256
7cea1717ca57c727378be31a2046e1b4be05ceaff81e76d45b5b3fb1a0b09507

SHA512
6cdb5d74ebf3c2f398c2032e6047f32b342db6f28f997c9c3df2351e307b316a6d66127a3ba6f0b1a721e5afd50a5578ec9835ea25708fcd49850ec4ba64dd67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5332d65d7c50eee952b71eda55782f27

SHA1
9039a05b96d6f5fc532a4ddb304ec01aa2fe5879

SHA256
b677f0eeb2f0c049f48cc35d484ead2ba5434a74e4264e64d7f426fe45f2ff0e

SHA512
eeff99092be3b0bcf81e9ba0f2a72d592938ef90952e533f903707d1e0af2138db62a4b491476f499a0909bf52fc7aada7aa832c73aa882d40f488afe5b29b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
89KB

MD5
6b1647f87ad693d177429042a2b53381

SHA1
778dd9f5ee99236e23f224c1ea5ae31477cda774

SHA256
0e367dd125300d8405ea99966ba138b2c6e5b98f0c4b0e842c6c3e1a9d42b847

SHA512
ae2fef8be658be4e06f60ab9dd86c57abda7c0ffde5b45490699c618a3ebe3fcd08a6ce01f933cbb04e0ca122085e9b0f5e3cb13be5704c1c4314d3302c3732d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f411eeb3cc831b7f6ea54b227eb98000

SHA1
744097156865b05ae4d5324a25a39d34b2bb684a

SHA256
310487cb1a1e8b007e235b833f943fbce5afdb2734cb5fcc3c72db4b02ec1212

SHA512
06782683489e37b6b6217a6beb6045c1fbcc0a1d904028789fc7c65b04af1694eeead4e6c253fc23fc156aed5ca9c2168fa69e9c3bf76f26d3e50f2d00f8ac21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9fbe87da32cdfb2f07a704335f9b2617

SHA1
fac2a85938a01ce4abe82ea246dbf136ec71227a

SHA256
70fffe938d5ed7b6d39743f0210bc9bb34fc7d8a568ad86501cf37fa64132d87

SHA512
06c08b53d71f95bf311af715a06befc7fb0bcccf4887ebcf34ba9c5dfaf273ec7be79baa4b7d19a43330f8740de067369550216c2ffb558597165bebed17ec49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f82b6e0ed6d619bf2ceb3f3ce7503eb2

SHA1
4466571e7e8e8293e7c107cf66dc39bea58ef11f

SHA256
3ca6d65c7c1612c891e61c28f78b80b7b0719c300f6a8df4258e1fc1825e4eeb

SHA512
06fae5ff31146aef8526d1574164ff32e48f5e63510db28e0a3728944e87bf4db27c0f75e7bfa2e4b8abe4b1e6e7680b07605bced2e4819db5c92f5d396f2e5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
39807d64eb672d9d6101771d83cea657

SHA1
aaa329ea3b9d0ad566f7d2cd883581774ae483cf

SHA256
6d9c918a5735d3fe909af5a4be6cf516cdf91e74f069ba5df95c72354c98f625

SHA512
2b7cf997b28b9399f29269fd04b74de91bfaefb6d8917429f3ff10c92baf67a3781cc454584724c09dc4762a256f5fcf05426b3325f367ca6997ee363f42c281

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
7d3ac0df0657e6c30fda0dd7467911ac

SHA1
c110ad07f455198b9d2550f8d93afaed20c3e360

SHA256
d8f5dd6843ae4480f8d5cb75e32af68c69b3eb5319cffcee5601233675e45688

SHA512
d999ffe06dd3287675d3b9d65c33b9b430d46b36e165e2ba66990995cf3454e905c1e597e344d1caa8fc30f367e4ae7c1105341889adf071ef4d878c602a51d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
db1d1c0f836cfd8e28316bd6ff87252f

SHA1
a6423072eea97e36a562f60ba0067f19221affcc

SHA256
6fef2496693567df4b3e46691c6fbfe36e777d640a02b2b7ae881f5fcf099a3d

SHA512
de831906252a46bfae68806e7a704ac16737072f1b9b9c02714ec06d387847a858874e1be1287858ee2a5912437818bc849bed394e25bbb58f454b23040dc9cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4843da92231281c453812876da425485

SHA1
d3475974981ec183fc6c3f70c5ddfaa76972b52f

SHA256
1d3025985d7bac0fdfc44dd204483f3d10e52a242670c90091b07844d773e09f

SHA512
51b3114a8de2fb80ffe8a63aba3b17d7fffbc9911650220bb92a23e81cc36bdcacc066211d7e863f7b3d22a47c6587fe0c1d2476773140500f010f4920dff327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3e551e9424c3599b8520502cc7e405d2

SHA1
ef0509fb6758d12e98707b2ce2b50eca55ca9436

SHA256
79bf85996b2e5f93bef415949b706faa2091d4934aebbf4f01ec1a1eb920e911

SHA512
f7b2482c7e722554ca1e527998a1175701025ec38ca4ddb1627b76cc03ed28c943db55d02ad7f8e6f59d0c13719fe20b66fe5b7b5864e824a90070a397b6e42f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7ed101eb3d10b3866031d5cbc09bdf06

SHA1
2877c3b98b08ec4b5c44507affe3813f81d6c27f

SHA256
d467530f076fbef851a1a600c2762bfc1998dc7be85ec7ea8dfaa065c3d8f4e0

SHA512
e68de2da66125de3ebc093ae480ca9b30b964c38969fe7db01b1b2920cb22f2aaee0e084c6b4decd605dc42319d1ad5e85564d771223fe94417584ef82aeb331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fbdac6f8b7d108004d51e59905e9b6f9

SHA1
99463dc26e5eb05b3ca67785472f0d251b01de66

SHA256
4451eecee71bb8cacd8e5717c45379b2ec7c8545b8f52e6dca7c1827a54fc90c

SHA512
3831667fd689cff8fd8c1787a89186b93643f77b5c6b1246a4a52a9e7259907a4215a92cb10ee40de45a46623e75a072a5002af4b88e96fadffa91dcaf8f9590

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f9f644acece22c5b2668a086a44e06b0

SHA1
5c492c902f1f3962efed4951358fc62f2f126918

SHA256
72b190e393e8d02d81aee89d4d98377435967f46eb57ecce55bff1a0a579cdad

SHA512
5d51f02a98151f8adb5a2f16f2527a9219e03ae8de267f2d824d4ce1e5b01da00ff2c1a8202549a63c398172f195fba03c45f7014f898f6e71912d0fb8fd2aa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
4KB

MD5
730ae0e17d048fd14891d4c7f57216b0

SHA1
3c2b015584104ec39a4af178ef0c4669c17b9763

SHA256
08387e19d362532f36d20ffc9c96ce9f817f0b215d61de08c64cb448ca46a1cb

SHA512
cf180bd13e848e3bdfad13a3de810b11f46bda6e6cc83f15804696be1f3eb5c27719c119ca35eba8a7c9dc6a898deb132d5bba1f7d73befec21bf3d954909e99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Filesize
961B

MD5
078cc859c78a531cdf0ecf31910d7573

SHA1
f5d341cf5c01ffceeabb436adeb40fc0e6a0c75f

SHA256
f718834c78ca88dd8e816818252629fb0cebb4a551b7865c99a18ce7493c124d

SHA512
c559ecb7c4b19508399c6f102baec014464e0f69b003fdffd0918859d32fc3ed4a7e1b7b095976e607452dfa699adcd0f5972d05ed1890ea2f12c1aca01a50cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
2KB

MD5
38d305d035a21f2ca3a0e97652805191

SHA1
4a79d4b6a4160793d1df9939de05782093595ea8

SHA256
2098ae5e67b9f5084f5899d3733c056513a531cd1f0fb7f8859bfc9550398829

SHA512
0b4a581b0aa78a35ccc25d086857c7eb3ca1d1f11b0bfa9ef9e125e02663f712768f43630934ef5033c421c5f96043fff4e80155272654d7cfdecbce20d6fa2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
3KB

MD5
6a27d6622ba967be357eab94c0f5c34e

SHA1
8cea062dfeab62a7578f55c5823ddc924110168f

SHA256
02352b63cfb7428173f1b97fad60625d49f4df3e7242669ce262c2a9b7dd76c4

SHA512
fc9b62804ce96d66ca5a258cf7edb32afbd405018cf9c31968c0590cff8685eb0f965f0aef8cc0eee6d1e6f9aa972c94f237e7777076c5425f5be39370d35d6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\67a473248953641b_0

Filesize
7KB

MD5
20adf38de0f1dcf8455f1aed15ae1db3

SHA1
6216ab815850db27476c3115f78cf1854fc93b56

SHA256
43a802c8ec0447716d4018d0811b66366735eecf35cb826121591e7f5da9fce0

SHA512
6761841a996ee35a2d7ed6117501ec37d77e83a53441e75e79578f5880db529b24a7769851e0b18693822c97eed8b357ce9c53e3664068e2f5ed3ae3ee0f1d0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\67a473248953641b_1

Filesize
21KB

MD5
69836c223387a9918b087b76604d65ac

SHA1
e24c4552cbeecb1e730a384dc5a95721b29e264d

SHA256
157081c800ca79e6e634eb50bbab961c275e604e12eb700a1a28044ad68ce678

SHA512
bbb372e843bd3982b2cf39a3ef86807a3b23ca82f7722ead9abbaac000b836b9e13bb1bc88df2b93720bfbc507292a36c162fb1cb2e83c0e06dcaf6d934cf826

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_0

Filesize
4KB

MD5
696a7c7a82309d19494b5b95b6903065

SHA1
56df21a7c013387bffc148ab8bca4117b1bf6822

SHA256
1b6d55d78bee5af3fcffa614370b60d31a76ce67a9dd91f5b4f3c720ea4c57b2

SHA512
7af525ffd7d409ef583a32467a2e2059401ef60c51cd41d6bd9a453402695cc459864373cba5ee57544db6f8f78d7c113178d1ba7f3dcdfe6127e5cebec439c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_1

Filesize
11KB

MD5
17256209394912050aa68fad72567f06

SHA1
57cb0bdf07287d15e2162dc720f01fbd9c1b8a6a

SHA256
ae2c27ac0ab1b49ae08853a19be55878cfa42fd1f7d459154db6b7181689d70c

SHA512
c1ea16ed3fc381df688993f7cfc0306083055a0822f62bcb48d4af56eafe4f9af5eaf5caa380e6a1633a62d00f63565fa4be0b7467eca4b46af3d5e9c8cd4570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

Filesize
4KB

MD5
e8dbc959bf88e2eff936201a2c261bd5

SHA1
fa0726f1f43075367eaa7e426a760bfbc3e713df

SHA256
c18d9bebd8c65dd53e241b08a7964b09e4809f599b32c68417f6568a26bc88d4

SHA512
83ba240deb4ff9e5a986ec5fa129515a0b9a4867464ff4bf952b4f2a94b5905a7a0b4428b0bbc22dc5cfdcf4845dde8cf77ea7c1691656e2000726a1efd8bfb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_1

Filesize
10KB

MD5
32b1d74c51f80d34d908b2f48841067b

SHA1
71859a88cc2cf40c1ce129b8598674c38498f874

SHA256
9858ae438fa22ee270812d354f0c319cb5ca4017ccaf77f34b8477227455be08

SHA512
5e17628e3cb3daf9829b82cea4419d4f12e5ccfc39e217fc9d6fb90fc0fbe2ee970422ce51167780f0ff2138648d0bf0f5e6200aaa917eb6efa946f000d83a6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
168B

MD5
68d6d47d1bf3e044995b6c787bfae8aa

SHA1
8733f361d1caf7d60bf34f30ae5484d0fb1cba13

SHA256
5137e7b9c2b93d069c0decf5d0898f02b06689564a4f8d5dc5d3ba8872f731a3

SHA512
1eeebf3191ced046927a123599213770fa1b8033847e30e54a46215cd856d0e9cdb8382edc553d660378253feb1e9015df30d38bccf0d2276adb91cd1964c60c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583b8d.TMP

Filesize
48B

MD5
1570782f9ad9f1eb801497e38875d0ac

SHA1
6945495802ebe79cee2af9c9514716af61887bf8

SHA256
7d3705e9dd8711547cc051f54f51e4c9a2db4f2113bcb994bf564b36e325b5bb

SHA512
139332c0b0292574b605f573769acaf96bdc815b3b08183803264bd91d5274c9ce1d26ac6e8895ebb9faeb3fc641b4843a223fad428abc572c99bb5ea3ea3508

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
971ec26501298080cc031967ee384c4c

SHA1
2143ffa5bb6b90ac0259ef9cc4f2fecb16b74700

SHA256
fe00490fda2fbca759f3bce6b6eb4499f09eff51238029ccce320d56dcc0dc63

SHA512
3c57b814f01a1f9bb9fd66bef1b7ecaaf1ea4b1fd04bbdd72df5439e84a4bb2126d2ae8247d055ded27bd2f30b30d231a5caf4c6817e8fbf1532b9cd698e1421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b9da5b651585f5d13bf0957e17cf5543

SHA1
32d83d7a7cf4402d7f90fe7a1c238b7554d2e535

SHA256
f2fb1eafef89b947b5168dcb127e6bd60ab4b9f3d5ed186d20ba32bf4c46777a

SHA512
2570ec1273a52f4b9ad5d8a9a5feacab755005d5935d6b3082c339ae07ac687a13c7e8caf46eeb2393582a3e12d900b7b68a7d8242499b6b1f1fdbd873ec83e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dee121f3ce5d0f819880345cd64d4f95

SHA1
dcb706b2d402209f8a532165659af55ef882bc58

SHA256
e31918871a9652d59cfd754e67cb7580411ee62e1457022deace93bc29c97466

SHA512
1fcd3a019fcff68cbfe3f903ca60276d7ccae760253e29004f8246492acfc97fb6aecb0ecfb0197a8384cc4c9ae19a718820516ce50287ac0686298620b16846

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4bb511426896b7cb5ec64c355e1b94a4

SHA1
e63a666b8ccd420cf4caa92246e3187af4e433ec

SHA256
16546f68014c8bfb99abbb81a3c6a090d71f22f1d8796f6ca8380b3e82ebbd38

SHA512
e1609dd4e8e3ea6ddd3b19d23a23ca1370a7e9d2e35a167103e23bde000007a406723ad7d32aaafa20c38f030f2b757e5417fb062b297818f88294d25b80c675

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fbaa0a132c7c2a15efe68edd6bd0ae3c

SHA1
55a5ff50582cb1c299bf2bb76a5cd6bb88b640e5

SHA256
a46c234b1842814914ea606801dcf2fa5285e443800ab0ba78535dbe7f374f18

SHA512
8951d6f43fc0b0edde8c90a9558e1e05d77354fd98ab8c99b17abb2f8146b460c298c8f8630a43202c500d166565c6a90ba84eb40719a1893312074341813014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e2584c0a6f9f770ae66d2a67da65c28b

SHA1
48e368524046e0d5e7634ef62046032948e8d292

SHA256
a39e4170a4c71dc223a7c52775847410cf6395e051ffc0841fd9bd6762ab9763

SHA512
e95155dc828d71aa1ea921f16104bc762f900950011b135105c07f5c3a351ca7f63e0b995c85aed709dff56609176490a09967936fcc4447309982c66a5b9bcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
de66f93af7bd4c53b7b51e22577d26a9

SHA1
a0a179639205877c19fbb89bf63f01b09b02b861

SHA256
10bb38560d55acb89f09cb555a9bdf93a1389272ce34b332663374daebcfcdc2

SHA512
230f56f2a783b92a600ff3b92bd80bb352c5f71607aa0bdbd77763c317b759f713f6f47b1c433f8d0a8f3b72b31569f98134427f717d8a40ae9852e0e18c7c52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
28e0c90d943684485469234ee66a2a3c

SHA1
f6c853eb4935498b1e94aea1f98ef21f96e0c9de

SHA256
4e746af2f2fbf7fc55c790557b1893ca3056e80d0933c864326a7b9b91096249

SHA512
b50ba3c80a90336f1bd873743a32c8b02da3bb1719d5cddc821f283212df25749749305dc5fc1ce472cdbc6901980b878aaa00f2564229b96014aa1ff94a0762

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585a8f.TMP

Filesize
704B

MD5
a7f12d8da35c1e4cd6110a5e01814e81

SHA1
c70ae0e0432db8681cc93eb2b48399b3f15426fb

SHA256
c8f4e36074b1461d7db6a514155be314576ad75a80da31ae2a12f78c97e4b849

SHA512
ef90dc598519def31c1c32c8f1c1a6219bca75a0ebb8a243905338809f57e9c2ba982d84cddb0d59ec1e814905910f92356b784d04602c8827c50b69f0054797

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a173459dc6e1e395cf6f5333ecf9b6ef

SHA1
ef655f5bad1668496fe6dc847dd8c7e512ffd74f

SHA256
396cbc3163fd2943574444956fed2715bed53acb45402b2397c3960a0c19f57f

SHA512
6d6eb375cf46cd1607c9577ec8c0d32d253ed17a1d82b927a162501b32adba4c90493a923a4ec68073368f6621d884e62217b74fa08fc29344172979b3b03ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
afe3aabdb91f5c3916db3904a41cb064

SHA1
ea2e25cabaff3f049184a7bafac01ab2afb306ff

SHA256
fe6c1496ee78a72ddde32e2932f2a963dbaa2b91f791826275aa7494c2233c44

SHA512
08d521d4fe89d7b5ab4c309fce71d3ebdf22cbcf7ba2a87c490e284383a1936618e47743241084de2a83f92c21b224702222a1aceca5ff7753b4a93d0981bcfb

Download Submit