hxxps://drive[.]google[.]com/file/d/198KksL6jlp8csIb_aytcZMk2FNhxXH6O/view?usp=sharing

Analysis

max time kernel
904s
max time network
892s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
23-04-2024 01:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/198KksL6jlp8csIb_aytcZMk2FNhxXH6O/view?usp=sharing

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

6 drive.google.com
2 drive.google.com
5 drive.google.com

flow	ioc
6	drive.google.com
2	drive.google.com
5	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
4236	msedge.exe
4236	msedge.exe
5072	msedge.exe
5072	msedge.exe
2412	identity_helper.exe
2412	identity_helper.exe
2044	msedge.exe
2044	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

5072 msedge.exe
5072 msedge.exe
5072 msedge.exe
5072 msedge.exe
5072 msedge.exe
5072 msedge.exe
5072 msedge.exe
5072 msedge.exe
5072 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 5072 wrote to memory of 5060	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 5060	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4704	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4236	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4236	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4828	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4828	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4828	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4828	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4828	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4828	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4828	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4828	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4828	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4828	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4828	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4828	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4828	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4828	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4828	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4828	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4828	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4828	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4828	5072	msedge.exe	msedge.exe
PID 5072 wrote to memory of 4828	5072	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/198KksL6jlp8csIb_aytcZMk2FNhxXH6O/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdad5b3cb8,0x7ffdad5b3cc8,0x7ffdad5b3cd8
2⤵
PID:5060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,7534312376385332077,12780573867369232997,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
2⤵
PID:4704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,7534312376385332077,12780573867369232997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,7534312376385332077,12780573867369232997,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:8
2⤵
PID:4828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7534312376385332077,12780573867369232997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
2⤵
PID:4768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7534312376385332077,12780573867369232997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
2⤵
PID:3620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7534312376385332077,12780573867369232997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
2⤵
PID:4388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7534312376385332077,12780573867369232997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
2⤵
PID:1252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7534312376385332077,12780573867369232997,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
2⤵
PID:1416

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,7534312376385332077,12780573867369232997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7534312376385332077,12780573867369232997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
2⤵
PID:3664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7534312376385332077,12780573867369232997,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
2⤵
PID:4740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,7534312376385332077,12780573867369232997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7534312376385332077,12780573867369232997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
2⤵
PID:3860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7534312376385332077,12780573867369232997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
2⤵
PID:3028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,7534312376385332077,12780573867369232997,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:408

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\155ffd7c-b441-4ba7-87bc-a6c858ef7176.tmp
Filesize
11KB

MD5
46e6d44c8119a4c5b0b1e47a9947a20f

SHA1
78bb77fb42156601f2be48942c073301b80f5c65

SHA256
c2b42330e537a15ec0f179f96e5c1b91af13c77465b6eb910b2c8f016a69ffdd

SHA512
fdd7a71c3635fbdd46c7bfa61c8465de36e1f929e836096de473f67f77e7bc72649003577955f109817e21a54854137e55bfd9e15ed9b99d982c290987637216

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
54caf18c2cda579e0dad6a9fc5179562

SHA1
357d25de14903392900d034e37f5918b522e17c9

SHA256
28d77529de92eb605d8afee0e133a7d08e13d4386e5e38d63e2da34623eaad6b

SHA512
88da5a33df9d82408afb8344ec7dbaf7686435fdb55eccfb85d5560f39861e84cef5d71949d5efe7a191778e6be755a8448f3fc3d7043007037f9f5227e10210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
696ffba7b83ecf008523e96918f200d9

SHA1
970d90e22c8b3674fc33cdd1913c51ef28514255

SHA256
dc6dacd725d7385b2e4db1f488d93f2840d2289efdaaf3737849304d1ab9ba34

SHA512
f8528683b70b58376f3eba3338fa6b462c9e9248c72524573005cff6397a0556bdcc2fdc2ebb020ba8218bc8174ba552002f223a245dfe3d3688826d24d63237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
408B

MD5
ac3dc1080ffdad7fbab1e7fee5d06e88

SHA1
e2fd645b41d63ffe3d15c8b9c09a244751aea578

SHA256
3a7c442c588261dd571cf2f5089ad73dbcc439d49e1de88f95d4fbb2633c4302

SHA512
baa9bb6b7dd561438a08b07ef5178d29aa431b261214ea6bda0a63130c4a8dfdb1efe467642e1076f5dee96352338a553ae9f4eae5ec2dc98d77d09be9e10afc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
1fca4b8a4a4e6b1e28ddbbef05e092da

SHA1
cff2549e77de0a3fd4018858a4281894f09ca9cd

SHA256
8cc98373a5d3fa14b9b5921bc2a4fd9c830521a6337a4ff30c37a24197ef0105

SHA512
d798636e56977e1adaf504d7450c54fa24410a6d98f09710631eded17df748a3fcafdfa5b9074fb5f54029a68fe10976b81e795c0e07e8a82d4e96b46779167d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
586b3b2999e0448b2d7cb4c502ecdce4

SHA1
8a84ce47406c36c411c1fb00575fb4556a4f364e

SHA256
73573d4cb66bddc80097d809d818ad696698720d577516effd34989bdff09eda

SHA512
df7ea2900b00a3de4f4d63de7dcefc969858313b0b3251bd5c19c64d60a6ac59083740852914073130860c2e095467f79a9c927f9b059319cc631656198da162

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
1bb51d2bbbce0322e0ba09e7553f0b3b

SHA1
c62de2c18d7cab601d1d8f00a4b26cbb2ba0c089

SHA256
bae9f0782cbf7d56b12e20ac526d3b8f7d08ca5e0c2fac782f26804b13f68a00

SHA512
1c089cbbc53afab8800fdbd6d58cc7922e3bbd302b50b877be1c3efd76ce61d68f382034f49667dc1396de2ee73beac04aacb7b92dbd41b53f6c1e92b70af2d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
7bb69ca970fc3992b3d4a571f9e65e9f

SHA1
58c9204fb4ba288018bf665dc3b87631cbe71e43

SHA256
724271a33104cbb61ea40541f88a09eb01e5f116efaa342b896c0ff5f3dd978d

SHA512
5e04ab07f9f8cc94478846b7e5fee6aed6605e2498545b3dd7ae7f0eb7be72249b2ea7f9b2bc40ed7bf7bb2e3ec2db8c8f1ac6793af552ebd1ebe9aaa686a494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
dcecdd0337bcc78a9c369dc4491a25e1

SHA1
f700bceade2425b8d65dff5c96477258aebd534d

SHA256
2196b698bfaf31d111396f92ae8d73da7458de3441cf398253ae4acc6feaafdf

SHA512
5ea5fae0931ac05192335698f862c405558af384d092a0b4c21e917838a76efc6cbad6ae4fceae3fba422fd7cbce3ca818454bb2e8602a6d780a9b8df756ee0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
e7101e0b4233bc0b08a4199f108ae1e4

SHA1
703f08cec416dfca079e099e01a874d8ead90113

SHA256
788689f0f3cf2f48d5450ce9f339b6d7d402d573dba142c2a0334e8f728fec1d

SHA512
071f144e6bd9a20155a7b65a4204e1bcf8f8eece4ec007c30d1312e5d194df4bd30c94400a707e2a5cd3ca33734df8c59a0a5a093374fdffca72c6c5fbecaa44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
e5f40206c06d67457538b9cb51e6cbf6

SHA1
443191f94c11ee86adf4cc8f7b529e285070705c

SHA256
f454c037cc6ebdd85814bdf51d453b1672618c60b7db547145c16e713f18df8e

SHA512
ff69be1c7ea0a02835a4e947d6f4ec4e4691bf4d14a2ac42692db01a942e3b211e1f4e78ddbbe32399d81d016408566296df116a97defbf2ff418e2a91f67171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
f8dc0e4bd386fa68db52508451f13322

SHA1
87b684599de2526d05aac2c09ee69ea0e8a84736

SHA256
129a382ffa37ea0bd97d02a27ff06b0007ef60df1fd0ac6e58f6fd7019bef3f6

SHA512
c74306943dd79f1276beb9cdb1defc679e2f8e110776b9f025528f9195756821a09138f40efbda2efb8412040a3317c971a474fb1152c35099950d5a0d7d1089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
e2ef491d3118e4effc2f89418214dad6

SHA1
a8fba04799b36e90d2604e0bef25cd06fcd17432

SHA256
d80f7392ebc41403bd6ec576cd449929c1ce55e779c2addb7fdd728d06003fcd

SHA512
0a539f70e601cdf96029aebd01edf6035152817900aa2f6a6d0a744629e5ce4b12d38dcb1cb8bf238a3569e00bf27d791eccfc70d2cecc131d0e9ba831b770cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
9ceb55e4711c0c509ab4492cbe700487

SHA1
5b59a012c610452455d551a2bbe4e14d242022be

SHA256
a567e9fe177d4190b26e222352e41338203bab521d4d42a8ad9c34036b5ca6dd

SHA512
a1d449dd195303d1bf119aaebd8a86fa221719d75cccf148cdd6e099779170f40b4a11e2ff1f039255b1b9647fa05e7578a85a29609ae9a889517541370b1e22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
0cdef421bc8fa897b19e41d77509afa2

SHA1
78b41938921867385371348d6db6fcafb32ef8e0

SHA256
3be91ca4da641345b115edf76081df20c7df07a7ab2d28e1555d54787cb8e809

SHA512
7857385ebecb80ee470460681d3ae5f295ac2269597c1ac5de3c7307de43c7cbd021d3433af1a448a44fb30ba812c6e2351d42da46ff78ee31c77a0682600edc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
845b2eaeeac3399aa638542ea8ecd94e

SHA1
ebfe13e767a8d55ecac5498bfe6c2494fd8dac43

SHA256
f4fb2dd6693988d7afa087dbabc2a6cad750b138c9a95de098897b22dcaf8446

SHA512
3822042a731827be51824b1abc24d3dce5d87cfe3a874cee2cbdd06375d09aff174bc36fdd337156649ea255bab2e631fc20da3827f88640ca5f8c12d7fc0283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8c0e76d847ab1169e692983e3bb774d3

SHA1
64cd45fd0ac72dc24f44d018fd1c895ec50f33af

SHA256
7f18d6ca05b8d2d22de2e16d449ed1b1c0872b2a62736a95d5b7fcafd34a1cb0

SHA512
3f58616384a95c0e71f1ca2fc217201d46b929b346a82285fbd8a2f6c49a2921382b2378ffb058cd5bf7322b12433234eb47815e140ffc9ee76a813a3700c4f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
\??\pipe\LOCAL\crashpad_5072_TBQGIEVGRKISRZOS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit