hxxps://drive[.]google[.]com/file/d/1ZkERXIxLFY9urkGbhTAbviSvJiuqmhw5/view?usp=sharing

Analysis

max time kernel
1167s
max time network
1172s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 21:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1ZkERXIxLFY9urkGbhTAbviSvJiuqmhw5/view?usp=sharing

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
8	drive.google.com
30	drive.google.com
31	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5080	msedge.exe
5080	msedge.exe
4880	msedge.exe
4880	msedge.exe
4680	identity_helper.exe
4680	identity_helper.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	5652	svchost.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4880 wrote to memory of 2292	4880	msedge.exe	90
PID 4880 wrote to memory of 2292	4880	msedge.exe	90
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 3504	4880	msedge.exe	91
PID 4880 wrote to memory of 5080	4880	msedge.exe	92
PID 4880 wrote to memory of 5080	4880	msedge.exe	92
PID 4880 wrote to memory of 2032	4880	msedge.exe	93
PID 4880 wrote to memory of 2032	4880	msedge.exe	93
PID 4880 wrote to memory of 2032	4880	msedge.exe	93
PID 4880 wrote to memory of 2032	4880	msedge.exe	93
PID 4880 wrote to memory of 2032	4880	msedge.exe	93
PID 4880 wrote to memory of 2032	4880	msedge.exe	93
PID 4880 wrote to memory of 2032	4880	msedge.exe	93
PID 4880 wrote to memory of 2032	4880	msedge.exe	93
PID 4880 wrote to memory of 2032	4880	msedge.exe	93
PID 4880 wrote to memory of 2032	4880	msedge.exe	93
PID 4880 wrote to memory of 2032	4880	msedge.exe	93
PID 4880 wrote to memory of 2032	4880	msedge.exe	93
PID 4880 wrote to memory of 2032	4880	msedge.exe	93
PID 4880 wrote to memory of 2032	4880	msedge.exe	93
PID 4880 wrote to memory of 2032	4880	msedge.exe	93
PID 4880 wrote to memory of 2032	4880	msedge.exe	93
PID 4880 wrote to memory of 2032	4880	msedge.exe	93
PID 4880 wrote to memory of 2032	4880	msedge.exe	93
PID 4880 wrote to memory of 2032	4880	msedge.exe	93
PID 4880 wrote to memory of 2032	4880	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1ZkERXIxLFY9urkGbhTAbviSvJiuqmhw5/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd40d46f8,0x7fffd40d4708,0x7fffd40d4718
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,13833727805461132379,2421734841835885030,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,13833727805461132379,2421734841835885030,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,13833727805461132379,2421734841835885030,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13833727805461132379,2421734841835885030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13833727805461132379,2421734841835885030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,13833727805461132379,2421734841835885030,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,13833727805461132379,2421734841835885030,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13833727805461132379,2421734841835885030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13833727805461132379,2421734841835885030,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13833727805461132379,2421734841835885030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13833727805461132379,2421734841835885030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13833727805461132379,2421734841835885030,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,13833727805461132379,2421734841835885030,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2960

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:2000

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
ece134a4a348c1e6d52b855c5626b9b5

SHA1
ca10daf30f9b3d9728d70727fd7667f512bc2a19

SHA256
13a546ccb0c1dc5781a41ce17b7384c814211e9ef98d9da65276be8fbc6a168a

SHA512
0f6efff8c43766b894036d487c6f3a14ec4a27f1ef74120c5c12861d21deb42f225ff5762f3056ee25dd42f9d83fec287e1e44e4c78da733dbea56aa73ce2f8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e494d16e4b331d7fc483b3ae3b2e0973

SHA1
d13ca61b6404902b716f7b02f0070dec7f36edbf

SHA256
a43f82254638f7e05d1fea29e83545642f163a7a852f567fb2e94f0634347165

SHA512
016b0ed886b33d010c84ca080d74fa343da110db696655c94b71a4cb8eb8284748dd83e06d0891a6e1e859832b0f1d07748b11d4d1a4576bbe1bee359e218737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0764f5481d3c05f5d391a36463484b49

SHA1
2c96194f04e768ac9d7134bc242808e4d8aeb149

SHA256
cc773d1928f4a87e10944d153c23a7b20222b6795c9a0a09b81a94c1bd026ac3

SHA512
a39e4cb7064fdd7393ffe7bb3a5e672b1bdc14d878cac1c5c9ceb97787454c5a4e7f9ae0020c6d524920caf7eadc9d49e10bee8799d73ee4e8febe7e51e22224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
9352951fb693db4df637fefc807b3bf9

SHA1
f81350bf1e178b09cfb9274c984eace51be96704

SHA256
1d97571ba9dcbf1eadacdb0f9380a3a6878829dcb1948f25c990f82a26640cc9

SHA512
ebdc96c5993df3a03cc380ce63926d624a7d62687b66f6cfca98ead480e108d8b384d148f56e55d4bb39667c153a5546e63d1a5eaa62ef7acdb0294a995c6e44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7f6306cf87f649eb8a0a8b8f941a54d7

SHA1
b3040d1501ac4e0ced87a55227e0e907be927628

SHA256
857d51c5a7b49cc3e67c496c4c17334eda47cc2742c322c1911ce34066721d30

SHA512
8471c3dc44ee05b5804b6b9c0cd38de1944931d23ce9898f4072d5cd8c34341605bec30eba32f3dd76d99a05ddb0909ded03b1771ac02809e8151fe6fec75995

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7bf4b9cee0d118d46d98513fa30e0b5a

SHA1
0b5d20c60e727af5c7dbeec831c0cd44de5f8501

SHA256
b61ac6f38b0ebf6e3a70fc2bb11b60467c907ba30f470e2116ab124c6c57fa4a

SHA512
9e7da206fcd726256890d0c2a64039eb6f7d72e6e2ef5418c9063d302d55c8e45d4c0a522f557d94b01ec38e353d6a230c5bf2a30329d8e2b98e7954a289bd27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
969061d2b46201fa7d8bef6a62b74ab7

SHA1
fae92121e6bd8a3862e0d76b739d0957c03e3e74

SHA256
f6fa897083e25e2639d9cc68187f9136a98889f2a00a7b9b2c25db2d8990b7de

SHA512
ca0e5d4f223ebc95801205c9599a2839588e58379bc686e89f4346a88bdf0cc5acfdb3e44b49667d2951ab67d4c62dcae4f0739b81778415526cef95974d1150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a0da8e0ec58a394408c020b40b63e792

SHA1
fa676fae2dc800c07159f50b9ef988044a32b9f5

SHA256
482ec1404e080c124c813726ee0bcc700776d8c7e02831f938a59270c743b747

SHA512
7587d17d3f2321d03047cdb5268c3ca0b6a9fc535342640864408a107ac67c60ceda0fcda646bcd138540b62137c6785a461f3bea74a71b2ac160ff4d0fd5b7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
96f60f08a8757a121b2aa44ced860c99

SHA1
541cfc6087173167ef6f29e97c982f7ba3cafaeb

SHA256
084960acd78fa4715b1a4e3ee5d990d65ac5bca78d04af9648519e1980c7ec4c

SHA512
00bb087046cdf0aa9b469467f7f2def680b590b889407b548811d451d58bbe6d5468a8a8d431c3b3980f1a0f89ad6d865577ef3fe794467ba1d951a6ecae120f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4d1b6105da514dcc5282c5d82cea93db

SHA1
4310d142b55f55e5a475ca72da6db1a244b0fe23

SHA256
5f5ee5259fb4e61d1c42aa6558c32dfaf63f96d73699843c0167a62d7fa19fd3

SHA512
84c694917f6d4d28566a31abc9bfcd6c757429952c573782621d91aac8af8322cdcb55d6c82a5465150aaa1cca90718b90434d851af946e67d0e9dbcf7209b16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a5b04f174cf90df9526f0823f4bbf056

SHA1
81e8060dfaf3971303f8808f8c47522e5b48e5b2

SHA256
124b8cd8e02896f00c7bb636aeacc3df2612506f610571fad22d6646ab8a0610

SHA512
98aad2bb8422948dbbc768b75c72b8075c1a743b232355dfcbd9423b9edab97c3f267b76acb6e7b87d7cae823af10a3f2eacbdc36e1c9a57703fc9215ba2eab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5ac610a07df1a35224b7f7ec59714b9a

SHA1
c00ec7b41255fafd076e7ebbbecafda5acbdd4d4

SHA256
3b814db1d2a8bc2ca7a8475cf627f867f9ec4249c1ecdbd0d204a170e282ea40

SHA512
4bb8a7c69a31594215e09245a817258fc8b752079f6a51a6286231893f7fe61a6adbea469342eef42d464e165647e38335859f04562629b31e22f1a0dc2354b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2d2dc085ba5fc85851f9a5a284864e61

SHA1
b1ef356f3afab5ce00c38472bcc5f95d7b86a36b

SHA256
c2712b4042e0af71c0c3caf2ed5be732470d6f0b1e39f82a861c36a5590e3c88

SHA512
5eb0aff86d9cc3e69faca6e61d573130e9c676aea4fec85182836406602738bacb68acdf591850ddb47ae459aebe0f239887e4a65a6f700ff5ae20f3fb871448

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ab2934c8e8c234d3c402e17b680fcb6e

SHA1
0b5d075facd67fcf5a2b99eff27eeae7e8f13f17

SHA256
8e694497cde2908e6ad8a9ad08f256b930ab44bfa0beeceecbfb4531abb92a90

SHA512
19d941b9e57fcc635411e9e4ce2121aaf9f9ff6ed1c5d4bf962a4a8b3c941916c69e9d07610f741c069f5d22c48e40961ce910fb6a858a1729f29471ef9f91a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
29cb9895b6ff116d537d5bc0f04d94a3

SHA1
b9039e8fdf02bec326ae7bab453da829eaacffed

SHA256
62ef5d31f006f00ba93c761cf55bf88f954e02ef9d6f260cfb1a485bf8dfc15d

SHA512
07ea8526bff63b3e318896d7ae2cd3b79635eaa6dd44ffbc08e2a99d6edd4d3bbd2ff61d5754588481aeb40d63386fdb31603b7997b3d342ff079219b8bb0409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4cf1d89abaae8cc3006c64e1d8ff56a9

SHA1
67590c43e30594e80a20ecad4fbcff7489e469c2

SHA256
282cd9e0743ea04cf784bf0f1cdef4e77534c1a7c5a9a3ff136297e711868bf6

SHA512
776874eef257f60a05a4a2799843c4aa395b4007f01a111a342194178232c90501c66f8bcaa0aa65b75ba72e7196724194c3b1e8474106d5f4dbe4b0960bbbf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b61343775f96506f37bde153b1ca1b69

SHA1
89b5d86e85d2b1f7aa3d6275b341bebfbb24b94d

SHA256
258eb778c9f4e925216dad3c5adefc1892a6caf65da3ddfde6f8c4a0642617ff

SHA512
1f3bf6150328a36e233bd32490142e85dabd82545e902ae350ff0c2eaa578a46cad6a50caa4fb4747e4e656856d6a529631181fe3abca66b609a0f32a8d5a477

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4cd2d969d2b008c13bdca2bb7e41c24b

SHA1
25abf7d0dcb42c7f85d57c27a5a28329d46f7428

SHA256
3edc1938eb29dcbcb5e3cc0e4dfa0ec2854479ecb70a867e907361a7ca324a7d

SHA512
3d495ea9aec823a1b8bb9e52e80a2eaab74f8a923f961e10f24b113c7ce6ee3654bd1a5c5c6f94128bf5e47303070682b56a510f517e5b10a82a6bd7af828cbc

Download Submit
memory/5652-265-0x0000020F0C290000-0x0000020F0C291000-memory.dmp

Filesize
4KB

Download
memory/5652-279-0x0000020F0BEA0000-0x0000020F0BEA1000-memory.dmp

Filesize
4KB

Download
memory/5652-267-0x0000020F0C290000-0x0000020F0C291000-memory.dmp

Filesize
4KB

Download
memory/5652-268-0x0000020F0C290000-0x0000020F0C291000-memory.dmp

Filesize
4KB

Download
memory/5652-269-0x0000020F0C290000-0x0000020F0C291000-memory.dmp

Filesize
4KB

Download
memory/5652-270-0x0000020F0C290000-0x0000020F0C291000-memory.dmp

Filesize
4KB

Download
memory/5652-271-0x0000020F0C290000-0x0000020F0C291000-memory.dmp

Filesize
4KB

Download
memory/5652-272-0x0000020F0C290000-0x0000020F0C291000-memory.dmp

Filesize
4KB

Download
memory/5652-273-0x0000020F0BEB0000-0x0000020F0BEB1000-memory.dmp

Filesize
4KB

Download
memory/5652-274-0x0000020F0BEA0000-0x0000020F0BEA1000-memory.dmp

Filesize
4KB

Download
memory/5652-276-0x0000020F0BEB0000-0x0000020F0BEB1000-memory.dmp

Filesize
4KB

Download
memory/5652-266-0x0000020F0C290000-0x0000020F0C291000-memory.dmp

Filesize
4KB

Download
memory/5652-282-0x0000020F0BDE0000-0x0000020F0BDE1000-memory.dmp

Filesize
4KB

Download
memory/5652-264-0x0000020F0C290000-0x0000020F0C291000-memory.dmp

Filesize
4KB

Download
memory/5652-294-0x0000020F0BFE0000-0x0000020F0BFE1000-memory.dmp

Filesize
4KB

Download
memory/5652-296-0x0000020F0BFF0000-0x0000020F0BFF1000-memory.dmp

Filesize
4KB

Download
memory/5652-297-0x0000020F0BFF0000-0x0000020F0BFF1000-memory.dmp

Filesize
4KB

Download
memory/5652-298-0x0000020F0C100000-0x0000020F0C101000-memory.dmp

Filesize
4KB

Download
memory/5652-263-0x0000020F0C290000-0x0000020F0C291000-memory.dmp

Filesize
4KB

Download
memory/5652-262-0x0000020F0C260000-0x0000020F0C261000-memory.dmp

Filesize
4KB

Download
memory/5652-246-0x0000020F03C70000-0x0000020F03C80000-memory.dmp

Filesize
64KB

Download
memory/5652-230-0x0000020F03B70000-0x0000020F03B80000-memory.dmp

Filesize
64KB

Download