hxxps://support[.]google[.]com/drive/answer/6283888#gid=1616818362

Resubmissions

19/03/2024, 18:15

240319-wwd19abe91 1

19/03/2024, 18:10

240319-wsajnabe2v 1

Analysis

max time kernel
448s
max time network
450s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 18:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://support.google.com/drive/answer/6283888#gid=1616818362

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1004	msedge.exe
1004	msedge.exe
920	msedge.exe
920	msedge.exe
1816	identity_helper.exe
1816	identity_helper.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	5624	svchost.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 920 wrote to memory of 1624	920	msedge.exe	89
PID 920 wrote to memory of 1624	920	msedge.exe	89
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 3692	920	msedge.exe	90
PID 920 wrote to memory of 1004	920	msedge.exe	91
PID 920 wrote to memory of 1004	920	msedge.exe	91
PID 920 wrote to memory of 2232	920	msedge.exe	92
PID 920 wrote to memory of 2232	920	msedge.exe	92
PID 920 wrote to memory of 2232	920	msedge.exe	92
PID 920 wrote to memory of 2232	920	msedge.exe	92
PID 920 wrote to memory of 2232	920	msedge.exe	92
PID 920 wrote to memory of 2232	920	msedge.exe	92
PID 920 wrote to memory of 2232	920	msedge.exe	92
PID 920 wrote to memory of 2232	920	msedge.exe	92
PID 920 wrote to memory of 2232	920	msedge.exe	92
PID 920 wrote to memory of 2232	920	msedge.exe	92
PID 920 wrote to memory of 2232	920	msedge.exe	92
PID 920 wrote to memory of 2232	920	msedge.exe	92
PID 920 wrote to memory of 2232	920	msedge.exe	92
PID 920 wrote to memory of 2232	920	msedge.exe	92
PID 920 wrote to memory of 2232	920	msedge.exe	92
PID 920 wrote to memory of 2232	920	msedge.exe	92
PID 920 wrote to memory of 2232	920	msedge.exe	92
PID 920 wrote to memory of 2232	920	msedge.exe	92
PID 920 wrote to memory of 2232	920	msedge.exe	92
PID 920 wrote to memory of 2232	920	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://support.google.com/drive/answer/6283888#gid=1616818362
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5cf146f8,0x7ffa5cf14708,0x7ffa5cf14718
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,4732728871389683122,868801044013183987,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,4732728871389683122,868801044013183987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,4732728871389683122,868801044013183987,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,4732728871389683122,868801044013183987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,4732728871389683122,868801044013183987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,4732728871389683122,868801044013183987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,4732728871389683122,868801044013183987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,4732728871389683122,868801044013183987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,4732728871389683122,868801044013183987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,4732728871389683122,868801044013183987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,4732728871389683122,868801044013183987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,4732728871389683122,868801044013183987,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5380 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1776

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:5172

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
81KB

MD5
4a2096d65aa0dd8879648b482ab6dc62

SHA1
547abfef49f903e1bd1ff7a0d8c4ae3a58ec33fd

SHA256
1e386d71201159bfb79fe65ba5b72f4fcc6d71199805d54b2883261d9364e653

SHA512
528a62c1ca1f4cc8dba5729335b8a240e3efa188cad4a04f7fc61ddfb6c4973dc1f6ce4b462fb3489f00de879bb19369f3a9d9159efb48432123f1b27a8df159

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
35KB

MD5
aeff2e86c8ad785aa244e7c8fd59225a

SHA1
640063183f6049c4f83edab5ceacffce5a21db1d

SHA256
32ce145b63920125c915daa877c98211b145f3bb38c64df60ed6ba4cc670d9e6

SHA512
2152511f47fcba32193107871b03a7940e79e0e795dbcd2a3bcfdbd55da9295660607614ce77286bac655624c5694f0467fcdc61f2412f6abd2fb006a6af918e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
66KB

MD5
dfeef2bd72ccddb2133c6cf108cfdb33

SHA1
e8621e8b4f8a985a78a2721843208465bfac7901

SHA256
a13d7c6762838f278e369c9c1382b0b3aaad194c59a8ba753918dcfcafe6f927

SHA512
dc9b3ab3a88bf70da372d2f54a64900b9b7f3fc0f16ecbe00b0989d566edf701fe18572831ef30f66347da1d7f7a6ad02a5641e87b54add723392c91f70ecc0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
27KB

MD5
93e7c16239dbaa1d7ce242fe773a0950

SHA1
69f8f623b98f7271246e5104e5b0be96666be9cc

SHA256
4c08b630669724d71e5946faa29c85e9f62ca9e5aad1cb9625ffe27fb0f14d32

SHA512
bf660c22bcd64eeb197953ef2a43e31bcf73564e2cf854384bdc1b050a9804581b7cbfbaa8fa24afe3f5621cc43ad72c2c88d9d9dfabf302aa8290c5dbf40c88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3653004befb613c5_0

Filesize
27KB

MD5
76e1f6819dc8e0ab152d16cdecd48210

SHA1
4be89e6f61d497664ec2c4b146d4b33bb8f44e58

SHA256
bd653385d6c2c0ba36524d2501f13f7c92346641bb85e4434a0772331b7cd2fe

SHA512
ae073fd7116560aad7bf3ce43f48bc44037189463b38ea57a4f371cc07fff9240cd9c968e1d5417766e1527c5917e6a55dffb00df8333587310fbfabedd52ee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a2f12e9292a9646_0

Filesize
379B

MD5
34552622077271c4d272b1301b92765a

SHA1
b201f403b45e851e5ef95a8b31e31aa1afdea57e

SHA256
d9d5618e4701caedb7fbb8c77f5a0f967f4079ebfd9a0cf9228cccba37b0e71e

SHA512
a77366e1ce80ebef0683810dee800d91b84d9ebdada070aacf4b4db937d024f3c26511d251b07d8fb1e1468c1637173d5d7b34495301b656f8ad6b0a343a5ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9b7208c287548f74_0

Filesize
111KB

MD5
29ca3a671bdcdcec3cf043bc0430dd9a

SHA1
fd99bf71ae78066fe3af215ab022abd474b08663

SHA256
a70e7afe2fb950f830465c10abd2aab5a4db766cab485a15b91e41d912212294

SHA512
a9d6d4028fc09174fa04361a0a69f36ee2555bdcdd02c7f0c7693d7d92304847f238093116590d2b3d60d68789559c2997817168bb835dbdf730c5a5dae86c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
c212672f4ba299b9852ba4974977fd4e

SHA1
8122bb5b935c7997a418e8daa7e68048d5252f85

SHA256
e8df78cbf61c1bcb9e462afd6b5fbf750c6c398a3bd430c58278dbf64c3b4472

SHA512
ab19c39a36fe8d884cd5f1be5a5f8f2f2eace12696bbe0703f9d4e2d2f6153763e11f96e768c060dd969db901d53c16c80b438c75665b1301d025a066f8e44b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3e22d2b2c6c0102a4076d6d4d045f1d3

SHA1
e05bedbcc6ee9215868d74bc6cc0ad3a30d276bc

SHA256
edcd645349969410841617d394dd9d7f3ec769b635239e5926577c461dc7d334

SHA512
8be44fad467fa64a85f8760538df8c5d6e821be37b0d37ea884ea2bfce4a209d75051a216ceac03d6e9ec9cece18ea6024fe2d3e61cf60df04f904cbd0fce841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e2c2d14ef8ba78b45dc48f5d32638efc

SHA1
049a5788c58520b2377cfb28722c5a29300cce23

SHA256
a6c305e0f3888c29e6384d0eb6dc0dd58ee4db348183d5fcec3ef73c80b69387

SHA512
eb9cdd53fef0bde17fe35dbcf3f93d0bb197ddc74ea6d8993a4d9344638afdc6aebc98dbc74891b93203db9cd3cbfc995dac2d85b0466569a7dd25475aae2abf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cecf26ddc5854e16e8f32960271b77c0

SHA1
e562d36ec7e7a3705c126dccb3de0467bfdcda3a

SHA256
1159165134b41de3265b641c3a3dc8711c9324953d52a5a9f52282d76eb97d03

SHA512
3cf1c45f5dc21e6682f94d0523b9cbaaab0c4e8bb04ab01fc588751053926519a4c6a5780f8b1428d0e8a2e65784b8a66b06df48a41ab6ef4ff32fc68dfa440b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
392995414821c298ef7c5be9c22377ba

SHA1
332415c302175a69a3a9adfd7c38e6da837313a0

SHA256
6ed4c9b225852b8273941d5b9b06b892f675af1f2cfddffe7a389e94c8a00ef0

SHA512
2ddedea1b1a89e662b46975b78a37810f83adac754da47646e5ef9c2de35c916abd987862a9bf7d9a307641d9167d19279f9ffda1d271e3b4428ce6471dde060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c5e50382f1f6de6642b4621e791ee7f1

SHA1
f3082d0dc01c85fe1b6688ff3ef19bbbc376d088

SHA256
afaab60431186037181c1e16b4b1ddf4af1d811c0400fe5e89314a960d236a1d

SHA512
66b4380b6453e274859ae78229767be23556b7182013f811905bd4d1d20e8fc7094bf7fed8a1fdb7aac5e0dac9767821a6fba57853add83d6cd2e64633ef251e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7fc3bb5e90551ace816307a32b9f8a13

SHA1
03d04ca1e33db0e1d45615991e498ab52930a841

SHA256
1c43d6035b1f022ef7585f4d7139fe6b2558e895b7dc0d4e4579f794a8e7caf7

SHA512
b50bb63aada3d4876dfe5c6d161aa80ccbb96bc8137e318f90f4aa266f109648fb366d2832f02202489bb48027debe8cdaf012765007a1be9b2d01b6be025a1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e1755f5548873dbd30251b05678476dd

SHA1
a4ace74a8cbde68a8b62a126e9ac1bbdfb4ace0d

SHA256
08a58f893cd9a9c99d777c3fa8826f7688e84996b807280871fb7aec5fe25e4f

SHA512
144f7e611b52ffa57d78f4ced982a7f2b0eb63e52dfb876c2dbc935186612f8ab8b003e56c0514f3ac41ab85494b313b72163f03ac26cb9f4d1826a36b44ebb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d34f3976e77be991ee4654a4129ff112

SHA1
d565092f0bae822393c29935669dd94c7c5fc84d

SHA256
5e7452447eb1161ce645ed9d73c5dc1bf1768586b49a4b5beed2a8bd7f2b2e11

SHA512
d4f2c6f4796e798bca8262ee2ab4d6e44038b0158ed470a756a9ead97a94eb0e82ad16aae6bcbe43dc79eca9e2bf4b0e8030aaaaa71177f98eb112d00326e489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
08b6a2e3ca2a0807cd57f275e9fe418c

SHA1
3c0ffedc1c22d93f7c7fbf4dc2eca859822eb8e2

SHA256
3b0b216435b9a36f73f072f12e2e7526f720c427bde58bbd5a14f956d1c44a48

SHA512
8c60016f36ed161c7642108e8245e434d986afe597d439ecafaf87d040c2e3028fb0fa440e82db1b789f409e23b2283519a86c22d146b9ad092fea3e722a26c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
685ec1121aab164d23bf415f53e0a463

SHA1
2c3eefb3af408b69e0bc4009a67441b3ec5c96bf

SHA256
14c10876881b0daec39ab46c97dd8b05ece1bb2e515ed938fc339844ae57ac3c

SHA512
3c1a15b3eca7990e7e53cd88dc0ed283e558609e21b41276e22716a89515900422c9f430638c9a19cf7d3619810afb370e2676d71e73d485fc3a9bd4b258626c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
57ac6d66e509502ebe15f588ad9ce8af

SHA1
17c92206345aafe0d13d5ffee97cdb5f7a4fbc98

SHA256
eca312b829c992bbb745f10cf9ba19f38cb645766419f555f3c483f72b36fac7

SHA512
a3cf0882f3b67b4c72fec1a5aa1d3b98c52c54c71e144a1db32a17fc9d266c219cd13900f77032f20344b3098c41c392be03c83ce2af1070aea07e942532220f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d3ea.TMP

Filesize
1KB

MD5
e95a825804c304f046f8f02a1c0614b4

SHA1
9451393629992d469aabb3a6d35d75b53915eeba

SHA256
87afb92bfea497c68f516fd653719624a87b5f215abecdf9bdd0f1523734a5a8

SHA512
2533dd85f4f7cda4c9fb529a1bbf6248b85e124f8c4737d743e687a08c3a2d5daee2e93bcbcda1a16f55dc1c335e768e9adb3cb17053fd34471a9a80554a4cd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ce6d97378704b30f0d874ef13726cb7e

SHA1
f507dfebceb149135bce9517b96f8655a164897f

SHA256
82be60bc69c3db4e0946c93bcf4636c290b8d22c67eecd1ce08242a2ce6c3230

SHA512
c12e7e28b0af15f7c721c751cc9690a853af463408e189e0b09a24012d96cfcd53f5a226da230aa89c430f6a71a0523c86d7a265ff49d0b99dd713129f311c33

Download Submit
memory/5624-342-0x0000022FC4F40000-0x0000022FC4F50000-memory.dmp

Filesize
64KB

Download
memory/5624-358-0x0000022FC5040000-0x0000022FC5050000-memory.dmp

Filesize
64KB

Download
memory/5624-374-0x0000022FCD3B0000-0x0000022FCD3B1000-memory.dmp

Filesize
4KB

Download
memory/5624-376-0x0000022FCD3E0000-0x0000022FCD3E1000-memory.dmp

Filesize
4KB

Download
memory/5624-377-0x0000022FCD3E0000-0x0000022FCD3E1000-memory.dmp

Filesize
4KB

Download
memory/5624-378-0x0000022FCD4F0000-0x0000022FCD4F1000-memory.dmp

Filesize
4KB

Download